Gentoo Linux Security Advisories

GLSA 200407-18 (normal) - mod_ssl: Format string vulnerability
A bug in mod_ssl may allow a remote attacker to execute arbitrary code when Apache is configured to use mod_ssl and mod_proxy.
GLSA 200407-17 (high) - l2tpd: Buffer overflow
A buffer overflow in l2tpd could lead to remote code execution. It is not known whether this bug is exploitable.
GLSA 200407-16 (high) - Linux Kernel: Multiple DoS and permission vulnerabilities
Multiple permission vulnerabilities have been found in the Linux kernel, allowing an attacker to change the group IDs of files mounted on a remote filesystem (CAN-2004-0497), as well as an issue in 2.6 series kernels which allows /proc permissions to be bypassed. A context sharing vulnerability in vserver-sources is also handled by this advisory, as are CAN-2004-0447, CAN-2004-0496 and CAN-2004-0565. Patched or updated versions of these kernels have been released, and details are included along with this advisory.
GLSA 200407-15 (normal) - Opera: Multiple spoofing vulnerabilities
Opera contains three vulnerabilities, allowing an attacker to impersonate legitimate websites with URI obfuscation or to spoof websites with frame injection.
GLSA 200407-14 (high) - Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries
Game servers based on the Unreal engine are vulnerable to remote code execution through malformed 'secure' queries.
GLSA 200407-13 (high) - PHP: Multiple security vulnerabilities
Multiple security vulnerabilities, potentially allowing remote code execution, were found and fixed in PHP.
GLSA 200407-12 (high) - Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling
A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine.
GLSA 200407-11 (normal) - wv: Buffer overflow vulnerability
A buffer overflow vulnerability exists in the wv library that can allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application.
GLSA 200407-10 (normal) - rsync: Directory traversal in rsync daemon
Under specific conditions, the rsync daemon is vulnerable to a directory traversal that allows files to be written outside a sync module.
GLSA 200407-09 (normal) - MoinMoin: Group ACL bypass
MoinMoin contains a bug allowing a user to bypass group ACLs (Access Control Lists).
GLSA 200407-08 (high) - Ethereal: Multiple security problems
Multiple vulnerabilities including one buffer overflow exist in Ethereal, which may allow an attacker to run arbitrary code or crash the program.
GLSA 200407-07 (normal) - Shorewall: Insecure temp file handling
Shorewall contains a bug in the code handling the creation of temporary files and directories. This can allow a non-root user to overwrite arbitrary system files.
GLSA 200407-06 (normal) - libpng: Buffer overflow on row buffers
libpng contains a buffer overflow vulnerability potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.
GLSA 200407-05 (low) - XFree86, X.org: XDM ignores requestPort setting
XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.
GLSA 200407-04 (normal) - Pure-FTPd: Potential DoS when maximum connections is reached
Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached.
GLSA 200407-03 (normal) - Apache 2: Remote denial of service attack
A bug in Apache may allow a remote attacker to perform a Denial of Service attack. With certain configurations this could lead to a heap-based buffer overflow.
GLSA 200407-02 (high) - Linux Kernel: Multiple vulnerabilities
Multiple vulnerabilities have been found in the Linux kernel used by GNU/Linux systems. Patched or updated versions of these kernels have been released, and details are included in this advisory.
GLSA 200407-01 (normal) - Esearch: Insecure temp file handling
The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.
GLSA 200406-22 (high) - Pavuk: Remote buffer overflow
Pavuk contains a bug potentially allowing an attacker to run arbitrary code.
GLSA 200406-21 (high) - mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
mit-krb5 contains multiple buffer overflows in the function krb5_aname_to_localname(). This could potentially lead to a complete remote system compromise.
