- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200911-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sun JDK/JRE: Multiple vulnerabilites
      Date: November 17, 2009
      Bugs: #182824, #231337, #250012, #263810, #280409, #291817
        ID: 200911-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilites in the Sun JDK and JRE allow for several
attacks, including the remote execution of arbitrary code.

Background
=========
The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
(JRE) provide the Sun Java platform.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sun-jre-bin                < 1.6.0.17                *>= 1.5.0.22
                                                           >= 1.6.0.17
  2  sun-jdk                    < 1.6.0.17                *>= 1.5.0.22
                                                           >= 1.6.0.17
  3  blackdown-jre            <= 1.4.2.03-r14              Vulnerable!
  4  blackdown-jdk            <= 1.4.2.03-r16              Vulnerable!
  5  emul-linux-x86-java        < 1.6.0.17                *>= 1.5.0.22
                                                           >= 1.6.0.17
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     5 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
==========
Multiple vulnerabilites have been reported in the Sun Java
implementation. Please review the CVE identifiers referenced below and
the associated Sun Alerts for details.

Impact
=====
A remote attacker could entice a user to open a specially crafted JAR
archive, applet, or Java Web Start application, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application. Furthermore, a remote attacker could cause a Denial of
Service affecting multiple services via several vectors, disclose
information and memory contents, write or execute local files, conduct
session hijacking attacks via GIFAR files, steal cookies, bypass the
same-origin policy, load untrusted JAR files, establish network
connections to arbitrary hosts and posts via several vectors, modify
the list of supported graphics configurations, bypass HMAC-based
authentication systems, escalate privileges via several vectors and
cause applet code to be executed with older, possibly vulnerable
versions of the JRE.

NOTE: Some vulnerabilities require a trusted environment, user
interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Sun JRE 1.5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.5.0.22

All Sun JRE 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.6.0.17

All Sun JDK 1.5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/sun-jdk-1.5.0.22

All Sun JDK 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/sun-jdk-1.6.0.17

All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the
latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose
    =app-emulation/emul-linux-x86-java-1.5.0.22

All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the
latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose
    =app-emulation/emul-linux-x86-java-1.6.0.17

All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and
precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge
Java 1.4:

    # emerge --unmerge =app-emulation/emul-linux-x86-java-1.4*
    # emerge --unmerge =dev-java/sun-jre-bin-1.4*
    # emerge --unmerge =dev-java/sun-jdk-1.4*
    # emerge --unmerge dev-java/blackdown-jdk
    # emerge --unmerge dev-java/blackdown-jre

Gentoo is ceasing support for the 1.4 generation of the Sun Java
Platform in accordance with upstream. All 1.4 JRE and JDK versions are
masked and will be removed shortly.

References
=========
  [ 1 ] CVE-2008-2086
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086
  [ 2 ] CVE-2008-3103
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103
  [ 3 ] CVE-2008-3104
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
  [ 4 ] CVE-2008-3105
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105
  [ 5 ] CVE-2008-3106
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
  [ 6 ] CVE-2008-3107
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107
  [ 7 ] CVE-2008-3108
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108
  [ 8 ] CVE-2008-3109
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109
  [ 9 ] CVE-2008-3110
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110
  [ 10 ] CVE-2008-3111
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111
  [ 11 ] CVE-2008-3112
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
  [ 12 ] CVE-2008-3113
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113
  [ 13 ] CVE-2008-3114
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
  [ 14 ] CVE-2008-3115
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115
  [ 15 ] CVE-2008-5339
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339
  [ 16 ] CVE-2008-5340
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340
  [ 17 ] CVE-2008-5341
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341
  [ 18 ] CVE-2008-5342
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342
  [ 19 ] CVE-2008-5343
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343
  [ 20 ] CVE-2008-5344
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344
  [ 21 ] CVE-2008-5345
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345
  [ 22 ] CVE-2008-5346
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346
  [ 23 ] CVE-2008-5347
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347
  [ 24 ] CVE-2008-5348
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348
  [ 25 ] CVE-2008-5349
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
  [ 26 ] CVE-2008-5350
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350
  [ 27 ] CVE-2008-5351
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351
  [ 28 ] CVE-2008-5352
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
  [ 29 ] CVE-2008-5353
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353
  [ 30 ] CVE-2008-5354
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354
  [ 31 ] CVE-2008-5355
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5355
  [ 32 ] CVE-2008-5356
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356
  [ 33 ] CVE-2008-5357
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
  [ 34 ] CVE-2008-5358
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358
  [ 35 ] CVE-2008-5359
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359
  [ 36 ] CVE-2008-5360
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360
  [ 37 ] CVE-2009-1093
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
  [ 38 ] CVE-2009-1094
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
  [ 39 ] CVE-2009-1095
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
  [ 40 ] CVE-2009-1096
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
  [ 41 ] CVE-2009-1097
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
  [ 42 ] CVE-2009-1098
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
  [ 43 ] CVE-2009-1099
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
  [ 44 ] CVE-2009-1100
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
  [ 45 ] CVE-2009-1101
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
  [ 46 ] CVE-2009-1102
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102
  [ 47 ] CVE-2009-1103
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
  [ 48 ] CVE-2009-1104
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
  [ 49 ] CVE-2009-1105
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105
  [ 50 ] CVE-2009-1106
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106
  [ 51 ] CVE-2009-1107
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
  [ 52 ] CVE-2009-2409
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
  [ 53 ] CVE-2009-2475
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2475
  [ 54 ] CVE-2009-2476
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2476
  [ 55 ] CVE-2009-2670
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670
  [ 56 ] CVE-2009-2671
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671
  [ 57 ] CVE-2009-2672
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672
  [ 58 ] CVE-2009-2673
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673
  [ 59 ] CVE-2009-2674
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2674
  [ 60 ] CVE-2009-2675
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
  [ 61 ] CVE-2009-2676
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676
  [ 62 ] CVE-2009-2689
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2689
  [ 63 ] CVE-2009-2690
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2690
  [ 64 ] CVE-2009-2716
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716
  [ 65 ] CVE-2009-2718
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718
  [ 66 ] CVE-2009-2719
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719
  [ 67 ] CVE-2009-2720
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720
  [ 68 ] CVE-2009-2721
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721
  [ 69 ] CVE-2009-2722
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722
  [ 70 ] CVE-2009-2723
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723
  [ 71 ] CVE-2009-2724
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724
  [ 72 ] CVE-2009-3728
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728
  [ 73 ] CVE-2009-3729
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3729
  [ 74 ] CVE-2009-3865
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3865
  [ 75 ] CVE-2009-3866
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3866
  [ 76 ] CVE-2009-3867
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867
  [ 77 ] CVE-2009-3868
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868
  [ 78 ] CVE-2009-3869
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869
  [ 79 ] CVE-2009-3871
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871
  [ 80 ] CVE-2009-3872
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872
  [ 81 ] CVE-2009-3873
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873
  [ 82 ] CVE-2009-3874
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874
  [ 83 ] CVE-2009-3875
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875
  [ 84 ] CVE-2009-3876
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876
  [ 85 ] CVE-2009-3877
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877
  [ 86 ] CVE-2009-3879
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879
  [ 87 ] CVE-2009-3880
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880
  [ 88 ] CVE-2009-3881
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881
  [ 89 ] CVE-2009-3882
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882
  [ 90 ] CVE-2009-3883
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883
  [ 91 ] CVE-2009-3884
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884
  [ 92 ] CVE-2009-3886
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3886

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200911-02

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-200911-02: Sun JDK/JRE: Multiple vulnerabilites

Multiple vulnerabilites in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code.

Summary

Gentoo Linux Security Advisory GLSA 200911-02 https://security.gentoo.org/ Severity: Normal Title: Sun JDK/JRE: Multiple vulnerabilites Date: November 17, 2009 Bugs: #182824, #231337, #250012, #263810, #280409, #291817 ID: 200911-02

Synopsis ======= Multiple vulnerabilites in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code.
Background ========= The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sun-jre-bin < 1.6.0.17 *>= 1.5.0.22 >= 1.6.0.17 2 sun-jdk < 1.6.0.17 *>= 1.5.0.22 >= 1.6.0.17 3 blackdown-jre <= 1.4.2.03-r14 Vulnerable! 4 blackdown-jdk <= 1.4.2.03-r16 Vulnerable! 5 emul-linux-x86-java < 1.6.0.17 *>= 1.5.0.22 >= 1.6.0.17 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 5 affected packages on all of their supported architectures. -------------------------------------------------------------------
========== Multiple vulnerabilites have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details.
Impact ===== A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE.
NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.
Workaround ========= There is no known workaround at this time.
Resolution ========= All Sun JRE 1.5.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.5.0.22
All Sun JRE 1.6.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.6.0.17
All Sun JDK 1.5.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose =dev-java/sun-jdk-1.5.0.22
All Sun JDK 1.6.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose =dev-java/sun-jdk-1.6.0.17
All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose =app-emulation/emul-linux-x86-java-1.5.0.22
All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose =app-emulation/emul-linux-x86-java-1.6.0.17
All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge Java 1.4:
# emerge --unmerge =app-emulation/emul-linux-x86-java-1.4* # emerge --unmerge =dev-java/sun-jre-bin-1.4* # emerge --unmerge =dev-java/sun-jdk-1.4* # emerge --unmerge dev-java/blackdown-jdk # emerge --unmerge dev-java/blackdown-jre
Gentoo is ceasing support for the 1.4 generation of the Sun Java Platform in accordance with upstream. All 1.4 JRE and JDK versions are masked and will be removed shortly.
References ========= [ 1 ] CVE-2008-2086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086 [ 2 ] CVE-2008-3103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103 [ 3 ] CVE-2008-3104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104 [ 4 ] CVE-2008-3105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105 [ 5 ] CVE-2008-3106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106 [ 6 ] CVE-2008-3107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107 [ 7 ] CVE-2008-3108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108 [ 8 ] CVE-2008-3109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109 [ 9 ] CVE-2008-3110 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110 [ 10 ] CVE-2008-3111 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111 [ 11 ] CVE-2008-3112 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112 [ 12 ] CVE-2008-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113 [ 13 ] CVE-2008-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114 [ 14 ] CVE-2008-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115 [ 15 ] CVE-2008-5339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339 [ 16 ] CVE-2008-5340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340 [ 17 ] CVE-2008-5341 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341 [ 18 ] CVE-2008-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342 [ 19 ] CVE-2008-5343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343 [ 20 ] CVE-2008-5344 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344 [ 21 ] CVE-2008-5345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345 [ 22 ] CVE-2008-5346 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346 [ 23 ] CVE-2008-5347 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347 [ 24 ] CVE-2008-5348 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348 [ 25 ] CVE-2008-5349 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349 [ 26 ] CVE-2008-5350 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350 [ 27 ] CVE-2008-5351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351 [ 28 ] CVE-2008-5352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352 [ 29 ] CVE-2008-5353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353 [ 30 ] CVE-2008-5354 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354 [ 31 ] CVE-2008-5355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5355 [ 32 ] CVE-2008-5356 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356 [ 33 ] CVE-2008-5357 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357 [ 34 ] CVE-2008-5358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358 [ 35 ] CVE-2008-5359 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359 [ 36 ] CVE-2008-5360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360 [ 37 ] CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 [ 38 ] CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 [ 39 ] CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 [ 40 ] CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 [ 41 ] CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 [ 42 ] CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 [ 43 ] CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 [ 44 ] CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 [ 45 ] CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 [ 46 ] CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 [ 47 ] CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 [ 48 ] CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 [ 49 ] CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 [ 50 ] CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 [ 51 ] CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 [ 52 ] CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 [ 53 ] CVE-2009-2475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2475 [ 54 ] CVE-2009-2476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2476 [ 55 ] CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 [ 56 ] CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 [ 57 ] CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 [ 58 ] CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 [ 59 ] CVE-2009-2674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2674 [ 60 ] CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 [ 61 ] CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 [ 62 ] CVE-2009-2689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2689 [ 63 ] CVE-2009-2690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2690 [ 64 ] CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 [ 65 ] CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 [ 66 ] CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 [ 67 ] CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 [ 68 ] CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 [ 69 ] CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 [ 70 ] CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 [ 71 ] CVE-2009-2724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 [ 72 ] CVE-2009-3728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728 [ 73 ] CVE-2009-3729 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3729 [ 74 ] CVE-2009-3865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3865 [ 75 ] CVE-2009-3866 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3866 [ 76 ] CVE-2009-3867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867 [ 77 ] CVE-2009-3868 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868 [ 78 ] CVE-2009-3869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869 [ 79 ] CVE-2009-3871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871 [ 80 ] CVE-2009-3872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872 [ 81 ] CVE-2009-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873 [ 82 ] CVE-2009-3874 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874 [ 83 ] CVE-2009-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875 [ 84 ] CVE-2009-3876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876 [ 85 ] CVE-2009-3877 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877 [ 86 ] CVE-2009-3879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879 [ 87 ] CVE-2009-3880 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880 [ 88 ] CVE-2009-3881 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881 [ 89 ] CVE-2009-3882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882 [ 90 ] CVE-2009-3883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883 [ 91 ] CVE-2009-3884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884 [ 92 ] CVE-2009-3886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3886
Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200911-02
Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License ====== Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/

Resolution

References

Availability

Concerns

Severity

Synopsis

Background

Affected Packages

Impact

Workaround

Related News