Advisory: Gentoo Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
Under specific conditions, the rsync daemon is vulnerable to a directory traversal that allows files to be written outside a sync module.
MoinMoin contains a bug allowing a user to bypass group ACLs (Access Control Lists).
Multiple vulnerabilities including one buffer overflow exist in Ethereal, which may allow an attacker to run arbitrary code or crash the program.
Shorewall contains a bug in the code handling the creation of temporary files and directories. This can allow a non-root user to overwrite arbitrary system files.
XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.
Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached.
A bug in Apache may allow a remote attacker to perform a Denial of Service attack. With certain configurations this could lead to a heap-based buffer overflow.
Multiple vulnerabilities have been found in the Linux kernel used by GNU/Linux systems. Patched or updated versions of these kernels have been released and details are included in this advisory.
The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.
Pavuk contains a bug potentially allowing an attacker to run arbitrary code.
mit-krb5 contains multiple buffer overflows in the function krb5_aname_to_localname(). This could potentially lead to a complete remote system compromise.
FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when authenticating PKCS#7 certificates. This could allow an attacker to authenticate with a fake certificate.
There is a vulnerability where a carefully crafted signal sent to the giFT-FastTrack plugin will cause the giFT daemon to crash.
gzip contains a bug potentially allowing an attacker to execute arbitrary commands.
racoon, provided as part of IPsec-Tools, fails to do proper authentication.
A bug in mod_proxy may allow a remote attacker to execute arbitrary code when Apache is configured a certain way.
Usermin contains two security vulnerabilities which could lead to a Denial of Service attack and information disclosure.
A bug in the aspell utility word-list-compress can allow an attacker to execute arbitrary code.
Squid contains a bug where it fails to properly check bounds of the 'pass' variable.
Webmin contains two security vulnerabilities which could lead to a Denial of Service attack and information disclosure.