Gentoo: GLSA-201412-11: AMD64 x86 emulation base libraries: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details.
Resolution
All users of the AMD64 x86 emulation base libraries should upgrade to
the latest version:
# emerge --sync
# emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"
NOTE: One or more of the issues described in this advisory have been
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no
longer affected by them.
References
[ 1 ] CVE-2007-0720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720 [ 2 ] CVE-2007-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536 [ 3 ] CVE-2007-2026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026 [ 4 ] CVE-2007-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445 [ 5 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 6 ] CVE-2007-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108 [ 7 ] CVE-2007-4995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995 [ 8 ] CVE-2007-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116 [ 9 ] CVE-2007-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 [ 10 ] CVE-2007-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266 [ 11 ] CVE-2007-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268 [ 12 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 13 ] CVE-2007-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849 [ 14 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 15 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 16 ] CVE-2013-0339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339 [ 17 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 18 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 19 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 20 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201412-11
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code.
Background
AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1
Impact
===== A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information.
Workaround
There is no known workaround at this time.