From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-201412-08.xml | 430 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 430 insertions(+) create mode 100644 glsa-201412-08.xml (limited to 'glsa-201412-08.xml') diff --git a/glsa-201412-08.xml b/glsa-201412-08.xml new file mode 100644 index 00000000..f79fd240 --- /dev/null +++ b/glsa-201412-08.xml @@ -0,0 +1,430 @@ + + + + + + Multiple packages, Multiple vulnerabilities fixed in 2010 + This GLSA contains notification of vulnerabilities found in several + Gentoo packages which have been fixed prior to January 1, 2011. The worst + of these vulnerabilities could lead to local privilege escalation and + remote code execution. Please see the package list and CVE identifiers + below for more information. + + + December 11, 2014 + December 11, 2014: 1 + 159556 + 208464 + 253822 + 259968 + 298067 + 300375 + 300943 + 302478 + 307525 + 307633 + 315235 + 316697 + 319719 + 320961 + 322457 + 325507 + 326759 + 326953 + 329125 + 329939 + 331421 + 332527 + 333661 + local, remote + + + 6.7.1-r1 + 6.7.1-r1 + + + 804.028-r2 + 804.028-r2 + + + 5.1.4 + 5.1.4 + + + 8.4.18-r1 + 8.4.18-r1 + + + 0.6.8 + 0.6.8 + + + 7.1 + + + 1.2.17.1 + 1.2.17.1 + + + 2.2.49 + 2.2.49 + + + 1.2.0-r4 + 1.2.0-r4 + + + 1.4 + 1.4 + + + 4.2.4.3 + 4.2.4.3 + + + 0.2 + 0.2 + + + 1.5.4.3-r3 + 1.5.4.3-r3 + + + 1.4.14-r1 + 1.4.14-r1 + + + 4.3.5-r1 + 4.3.5-r1 + + + 2.18.7 + 2.18.7 + + + 4.3.5-r1 + 4.3.5-r1 + + + 1.13 + 1.13 + + + 1.4.6 + 1.4.6 + + + 0.9.23 + 0.9.23 + + + 4.3 + 4.3 + + + 3.7.1 + 3.7.1 + + + 4.0.6 + 4.0.6 + + + 2010.08.05 + 2010.08.05 + + + 1.3.2 + 1.3.2 + + + 20100418 + 20100418 + + + 1.1-r1 + 1.1-r1 + + + +

For more information on the packages listed in this GLSA, please see + their homepage referenced in the ebuild. +

+
+ +

Vulnerabilities have been discovered in the packages listed below. + Please review the CVE identifiers in the Reference section for details. +

+ +
    +
  • Insight
  • +
  • Perl Tk Module
  • +
  • Source-Navigator
  • +
  • Tk
  • +
  • Partimage
  • +
  • Mlmmj
  • +
  • acl
  • +
  • Xinit
  • +
  • gzip
  • +
  • ncompress
  • +
  • liblzw
  • +
  • splashutils
  • +
  • GNU M4
  • +
  • KDE Display Manager
  • +
  • GTK+
  • +
  • KGet
  • +
  • dvipng
  • +
  • Beanstalk
  • +
  • Policy Mount
  • +
  • pam_krb5
  • +
  • GNU gv
  • +
  • LFTP
  • +
  • Uzbl
  • +
  • Slim
  • +
  • Bitdefender Console
  • +
  • iputils
  • +
  • DVBStreamer
  • +
+
+ +

A context-dependent attacker may be able to gain escalated privileges, + execute arbitrary code, cause Denial of Service, obtain sensitive + information, or otherwise bypass security restrictions. +

+
+ +

There are no known workarounds at this time.

+
+ +

All Insight users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1" + + +

All Perl Tk Module users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2" + + +

All Source-Navigator users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4" + + +

All Tk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1" + + +

All Partimage users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8" + + +

All Mlmmj users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1" + + +

All acl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49" + + +

All Xinit users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4" + + +

All gzip users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4" + + +

All ncompress users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3" + + +

All liblzw users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2" + + +

All splashutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-gfx/splashutils-1.5.4.3-r3" + + +

All GNU M4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1" + + +

All KDE Display Manager users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1" + + +

All GTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7" + + +

All KGet 4.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1" + + +

All dvipng users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13" + + +

All Beanstalk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6" + + +

All Policy Mount users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23" + + +

All pam_krb5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3" + + +

All GNU gv users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1" + + +

All LFTP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6" + + +

All Uzbl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05" + + +

All Slim users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2" + + +

All iputils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418" + + +

All DVBStreamer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1" + + +

Gentoo has discontinued support for Bitdefender Console. We recommend + that users unmerge Bitdefender Console: +

+ + + # emerge --unmerge "app-antivirus/bitdefender-console" + + +

NOTE: This is a legacy GLSA. Updates for all affected architectures have + been available since 2011. It is likely that your system is already no + longer affected by these issues. +

+
+ + CVE-2006-3005 + CVE-2007-2741 + CVE-2008-0553 + CVE-2008-1382 + CVE-2008-5907 + CVE-2008-6218 + CVE-2008-6661 + CVE-2009-0040 + CVE-2009-0360 + CVE-2009-0361 + CVE-2009-0946 + CVE-2009-2042 + CVE-2009-2624 + CVE-2009-3736 + CVE-2009-4029 + CVE-2009-4411 + CVE-2009-4896 + CVE-2010-0001 + CVE-2010-0436 + CVE-2010-0732 + CVE-2010-0829 + CVE-2010-1000 + CVE-2010-1205 + CVE-2010-1511 + CVE-2010-2056 + CVE-2010-2060 + CVE-2010-2192 + CVE-2010-2251 + CVE-2010-2529 + CVE-2010-2809 + CVE-2010-2945 + + ackle + ackle +
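
Review bot: In the splashutils resolution block the package atom ">=media-gfx/splashutils-1.5.4.3-r3" is on its own added line after "# emerge --ask --oneshot --verbose", unlike every other upgrade command in this file, so a reader who copies the command line by line runs emerge without a target. Keep the command and its atom on one line, or end the first line with a backslash continuation. Separately, the description only refers readers to the CVE identifiers in the references, and nothing in the advisory says which identifier belongs to which of the listed packages; a per-package mapping would let an administrator judge exposure for the packages actually installed. The entry "All KGet 4.3 users" is also the only resolution line that names a version series, which should either be explained or aligned with the wording of the other entries.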
-- cgit v1.2.3-65-gdbad