Gentoo Linux Security Advisories

GLSA 200407-15 (normal) - Opera: Multiple spoofing vulnerabilities
Opera contains three vulnerabilities, allowing an attacker to impersonate legitimate websites with URI obfuscation or to spoof websites with frame injection.
GLSA 200407-14 (high) - Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries
Game servers based on the Unreal engine are vulnerable to remote code execution through malformed 'secure' queries.
GLSA 200407-13 (high) - PHP: Multiple security vulnerabilities
Multiple security vulnerabilities, potentially allowing remote code execution, were found and fixed in PHP.
GLSA 200407-12 (high) - Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling
A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine.
GLSA 200407-11 (normal) - wv: Buffer overflow vulnerability
A buffer overflow vulnerability exists in the wv library that can allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application.
GLSA 200407-10 (normal) - rsync: Directory traversal in rsync daemon
Under specific conditions, the rsync daemon is vulnerable to a directory traversal that allows files to be written outside a sync module.
GLSA 200407-09 (normal) - MoinMoin: Group ACL bypass
MoinMoin contains a bug allowing a user to bypass group ACLs (Access Control Lists).
GLSA 200407-08 (high) - Ethereal: Multiple security problems
Multiple vulnerabilities including one buffer overflow exist in Ethereal, which may allow an attacker to run arbitrary code or crash the program.
GLSA 200407-07 (normal) - Shorewall: Insecure temp file handling
Shorewall contains a bug in the code handling the creation of temporary files and directories. This can allow a non-root user to overwrite arbitrary system files.
GLSA 200407-06 (normal) - libpng: Buffer overflow on row buffers
libpng contains a buffer overflow vulnerability potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.
GLSA 200407-05 (low) - XFree86, X.org: XDM ignores requestPort setting
XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.
GLSA 200407-04 (normal) - Pure-FTPd: Potential DoS when maximum connections is reached
Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached.
GLSA 200407-03 (normal) - Apache 2: Remote denial of service attack
A bug in Apache may allow a remote attacker to perform a Denial of Service attack. With certain configurations this could lead to a heap-based buffer overflow.
GLSA 200407-02 (high) - Linux Kernel: Multiple vulnerabilities
Multiple vulnerabilities have been found in the Linux kernel used by GNU/Linux systems. Patched or updated versions of these kernels have been released and details are included in this advisory.
GLSA 200407-01 (normal) - Esearch: Insecure temp file handling
The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.
GLSA 200406-22 (high) - Pavuk: Remote buffer overflow
Pavuk contains a bug potentially allowing an attacker to run arbitrary code.
GLSA 200406-21 (high) - mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
mit-krb5 contains multiple buffer overflows in the function krb5_aname_to_localname(). This could potentially lead to a complete remote system compromise.
GLSA 200406-20 (normal) - FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when authenticating PKCS#7 certificates. This could allow an attacker to authenticate with a fake certificate.
GLSA 200406-19 (low) - giFT-FastTrack: remote denial of service attack
There is a vulnerability where a carefully crafted signal sent to the giFT-FastTrack plugin will cause the giFT daemon to crash.
GLSA 200406-18 (normal) - gzip: Insecure creation of temporary files
gzip contains a bug potentially allowing an attacker to execute arbitrary commands.
