Gentoo: GLSA-201412-11: AMD64 x86 emulation base libraries: Multiple vulnerabilities

    Date11 Dec 2014
    CategoryGentoo
    66
    Posted ByLinuxSecurity Advisories
    Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. [More...]
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 201412-11
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
     Severity: Normal
        Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities
         Date: December 12, 2014
         Bugs: #196865, #335508, #483632, #508322
           ID: 201412-11
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    Multiple vulnerabilities have been found in AMD64 x86 emulation base
    libraries, the worst of which may allow remote execution of arbitrary
    code.
    
    Background
    ==========
    
    AMD64 x86 emulation base libraries provides pre-compiled 32-bit
    libraries.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package              /     Vulnerable     /            Unaffected
        -------------------------------------------------------------------
      1  app-emulation/emul-linux-x86-baselibs
                                   < 20140406-r1 >= 20140406-r1
    
    Description
    ===========
    
    Multiple vulnerabilities have been discovered in AMD64 x86 emulation
    base libraries. Please review the CVE identifiers referenced below for
    details.
    
    Impact
    ======
    
    A context-dependent attacker may be able to execute arbitrary code,
    cause a Denial of Service condition, or obtain sensitive information.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All users of the AMD64 x86 emulation base libraries should upgrade to
    the latest version:
    
      # emerge --sync
      # emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"
    
    NOTE: One or more of the issues described in this advisory have been
    fixed in previous updates. They are included in this advisory for the
    sake of completeness. It is likely that your system is already no
    longer affected by them.
    
    References
    ==========
    
    [  1 ] CVE-2007-0720
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720
    [  2 ] CVE-2007-1536
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536
    [  3 ] CVE-2007-2026
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026
    [  4 ] CVE-2007-2445
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445
    [  5 ] CVE-2007-2741
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741
    [  6 ] CVE-2007-3108
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108
    [  7 ] CVE-2007-4995
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995
    [  8 ] CVE-2007-5116
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116
    [  9 ] CVE-2007-5135
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135
    [ 10 ] CVE-2007-5266
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266
    [ 11 ] CVE-2007-5268
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268
    [ 12 ] CVE-2007-5269
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269
    [ 13 ] CVE-2007-5849
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849
    [ 14 ] CVE-2010-1205
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
    [ 15 ] CVE-2013-0338
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338
    [ 16 ] CVE-2013-0339
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339
    [ 17 ] CVE-2013-1664
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664
    [ 18 ] CVE-2013-1969
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969
    [ 19 ] CVE-2013-2877
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
    [ 20 ] CVE-2014-0160
           http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
     http://security.gentoo.org/glsa/glsa-201412-11.xml
    
    Concerns?
    =========
    
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at
    https://bugs.gentoo.org.
    
    License
    =======
    
    Copyright 2014 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
    
    http://creativecommons.org/licenses/by-sa/2.5
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.