Executive Summary



This alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: Multiple packages, Multiple vulnerabilities fixed in 2010
Information
Name: GLSA-201412-08
First vendor publication: 2014-12-11
Vendor: Gentoo
Last vendor modification: 2014-12-11
Severity (vendor): High
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
CVSS impact score: 10
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Synopsis

This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.

Background

For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.

Description

Vulnerabilities have been discovered in the packages listed below.
Please review the CVE identifiers in the Reference section for details.

* Insight
* Perl Tk Module
* Source-Navigator
* Tk
* Partimage
* Mlmmj
* acl
* Xinit
* gzip
* ncompress
* liblzw
* splashutils
* GNU M4
* KDE Display Manager
* GTK+
* KGet
* dvipng
* Beanstalk
* Policy Mount
* pam_krb5
* GNU gv
* LFTP
* Uzbl
* Slim
* Bitdefender Console
* iputils
* DVBStreamer

Impact

A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.

Workaround

There are no known workarounds at this time.

Resolution

All Insight users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/insight-6.7.1-r1"

All Perl Tk Module users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/perl-tk-804.028-r2"

All Source-Navigator users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/sourcenav-5.1.4"

All Tk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.18-r1"

All Partimage users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/partimage-0.6.8"

All Mlmmj users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mlmmj-1.2.17.1"

All acl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/acl-2.2.49"

All Xinit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-apps/xinit-1.2.0-r4"

All gzip users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.4"

All ncompress users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/ncompress-4.2.4.3"

All liblzw users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/liblzw-0.2"

All splashutils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=media-gfx/splashutils-1.5.4.3-r3"

All GNU M4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/m4-1.4.14-r1"

All KDE Display Manager users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdm-4.3.5-r1"

All GTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/gtk+-2.18.7"

All KGet 4.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kget-4.3.5-r1"

All dvipng users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/dvipng-1.13"

All Beanstalk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/beanstalkd-1.4.6"

All Policy Mount users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/pmount-0.9.23"

All pam_krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-4.3"

All GNU gv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gv-3.7.1"

All LFTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/lftp-4.0.6"

All Uzbl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/uzbl-2010.08.05"

All Slim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-misc/slim-1.3.2"

All iputils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/iputils-20100418"

All DVBStreamer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-tv/dvbstreamer-1.1-r1"

Gentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console:
# emerge --unmerge "app-antivirus/bitdefender-console"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.

References

[ 1 ] CVE-2006-3005 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3005
[ 2 ] CVE-2007-2741 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741
[ 3 ] CVE-2008-0553 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0553
[ 4 ] CVE-2008-1382 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1382
[ 5 ] CVE-2008-5907 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5907
[ 6 ] CVE-2008-6218 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6218
[ 7 ] CVE-2008-6661 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6661
[ 8 ] CVE-2009-0040 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040
[ 9 ] CVE-2009-0360 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0360
[ 10 ] CVE-2009-0361 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0361
[ 11 ] CVE-2009-0946 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946
[ 12 ] CVE-2009-2042 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2042
[ 13 ] CVE-2009-2624 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2624
[ 14 ] CVE-2009-3736 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3736
[ 15 ] CVE-2009-4029 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4029
[ 16 ] CVE-2009-4411 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4411
[ 17 ] CVE-2009-4896 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4896
[ 18 ] CVE-2010-0001 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0001
[ 19 ] CVE-2010-0436 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0436
[ 20 ] CVE-2010-0732 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732
[ 21 ] CVE-2010-0829 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0829
[ 22 ] CVE-2010-1000 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1000
[ 23 ] CVE-2010-1205 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 24 ] CVE-2010-1511 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1511
[ 25 ] CVE-2010-2056 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2056
[ 26 ] CVE-2010-2060 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2060
[ 27 ] CVE-2010-2192 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192
[ 28 ] CVE-2010-2251 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2251
[ 29 ] CVE-2010-2529 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529
[ 30 ] CVE-2010-2809 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2809
[ 31 ] CVE-2010-2945 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2945

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-08.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201412-08.xml

CWE : Common Weakness Enumeration

% Id Name
15 % CWE-189 Numeric Errors (CWE/SANS Top 25)
12 % CWE-362 Race Condition
12 % CWE-264 Permissions, Privileges, and Access Controls
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8 % CWE-94 Failure to Control Generation of Code ('Code Injection')
8 % CWE-59 Improper Link Resolution Before File Access ('Link Following')
8 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
8 % CWE-20 Improper Input Validation
4 % CWE-399 Resource Management Errors
4 % CWE-287 Improper Authentication
4 % CWE-200 Information Exposure
4 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
4 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10098
Title: Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0553
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:10149
Title: Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0946
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:10316
Title: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0040
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:10326
Title: libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1382
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:10546
Title: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0001
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:11582
Title: DSA-2048 dvipng -- buffer overflow
Description: Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service, and possibly arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2048
CVE-2010-0829
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): dvipng
Definition Id: oval:org.mitre.oval:def:11687
Title: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:11705
Title: DSA-2063 pmount -- insecure temporary file
Description: Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.
Family: unix Class: patch
Reference(s): DSA-2063
CVE-2010-2192
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): pmount
Definition Id: oval:org.mitre.oval:def:11717
Title: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4029
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:11742
Title: DSA-2073 mlmmj -- insufficient input sanitising
Description: Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files.
Family: unix Class: patch
Reference(s): DSA-2073
CVE-2009-4896
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): mlmmj
Definition Id: oval:org.mitre.oval:def:11851
Title: Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability
Description: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1205
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Id: oval:org.mitre.oval:def:11897
Title: DSA-2074 ncompress -- integer underflow
Description: Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
Family: unix Class: patch
Reference(s): DSA-2074
CVE-2010-0001
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): ncompress
Definition Id: oval:org.mitre.oval:def:12656
Title: DSA-1958-1 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages.
Family: unix Class: patch
Reference(s): DSA-1958-1
CVE-2009-3736
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libtool
Definition Id: oval:org.mitre.oval:def:12696
Title: USN-932-1 -- kdebase-workspace vulnerability
Description: Sebastian Krahmer discovered a race condition in the KDE Display Manager. A local attacker could exploit this to change the permissions on arbitrary files, thus allowing privilege escalation.
Family: unix Class: patch
Reference(s): USN-932-1
CVE-2010-0436
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): kdebase-workspace
Definition Id: oval:org.mitre.oval:def:12796
Title: DSA-2085-1 lftp -- missing input validation
Description: It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute arbitrary code. For the stable distribution, this problem has been fixed in version 3.7.3-1+lenny1. For the testing distribution, this problem has been fixed in version 4.0.6-1. For the unstable distribution, this problem has been fixed in version 4.0.6-1. We recommend that you upgrade your lftp packages.
Family: unix Class: patch
Reference(s): DSA-2085-1
CVE-2010-2251
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): lftp
Definition Id: oval:org.mitre.oval:def:13052
Title: USN-730-1 -- libpng vulnerabilities
Description: It was discovered that libpng did not properly perform bounds checking in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. This issue only affected Ubuntu 8.04 LTS. Tavis Ormandy discovered that libpng did not properly initialize memory. If a user or automated system were tricked into opening a crafted PNG image, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue did not affect Ubuntu 8.10. Harald van Dijk discovered an off-by-one error in libpng. An attacker could cause an application crash in programs using pngtest. It was discovered that libpng did not properly NULL terminate a keyword string. An attacker could exploit this to set arbitrary memory locations to zero. Glenn Randers-Pehrson discovered that libpng did not properly initialize pointers. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-730-1
CVE-2007-5268
CVE-2007-5269
CVE-2008-1382
CVE-2008-3964
CVE-2008-5907
CVE-2009-0040
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): libpng
Definition Id: oval:org.mitre.oval:def:13074
Title: USN-938-1 -- kdenetwork vulnerability
Description: It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.
Family: unix Class: patch
Reference(s): USN-938-1
CVE-2010-1000
CVE-2010-1511
Version: 5
Platform(s): Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): kdenetwork
Definition Id: oval:org.mitre.oval:def:13292
Title: USN-936-1 -- dvipng vulnerability
Description: Dan Rosenberg discovered that dvipng incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-936-1
CVE-2010-0829
Version: 5
Platform(s): Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): dvipng
Definition Id: oval:org.mitre.oval:def:13325
Title: USN-889-1 -- gzip vulnerabilities
Description: It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel–Ziv–Welch algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-889-1
CVE-2009-2624
CVE-2010-0001
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): gzip
Definition Id: oval:org.mitre.oval:def:13395
Title: DSA-1784-1 freetype -- integer overflows
Description: Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file. For the oldstable distribution, this problem has been fixed in version 2.2.1-5+etch4. For the stable distribution, this problem has been fixed in version 2.3.7-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.3.9-4.1. We recommend that you upgrade your freetype packages.
Family: unix Class: patch
Reference(s): DSA-1784-1
CVE-2009-0946
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): freetype
Definition Id: oval:org.mitre.oval:def:13460
Title: DSA-2073-1 mlmmj -- insufficient input sanitising
Description: Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and/or delete arbitrary files. For the stable distribution, these problems have been fixed in version 1.2.15-1.1+lenny1. For the unstable distribution, these problems have been fixed in version 1.2.17-1.1. We recommend that you upgrade your mlmmj package.
Family: unix Class: patch
Reference(s): DSA-2073-1
CVE-2009-4896
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): mlmmj
Definition Id: oval:org.mitre.oval:def:13465
Title: DSA-2037-1 kdm (kdebase) -- race condition
Description: Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment’s KDM display manager allows a local user to elevate privileges to root. For the stable distribution, this problem has been fixed in version 4:3.5.9.dfsg.1-6+lenny1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your kdm package.
Family: unix Class: patch
Reference(s): DSA-2037-1
CVE-2010-0436
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kdm (kdebase)
Definition Id: oval:org.mitre.oval:def:13484
Title: USN-984-1 -- lftp vulnerability
Description: It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code.
Family: unix Class: patch
Reference(s): USN-984-1
CVE-2010-2251
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): lftp
Definition Id: oval:org.mitre.oval:def:13544
Title: DSA-1722-1 libpam-heimdal -- programming error
Description: Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to local privilege escalation. For the stable distribution, this problem has been fixed in version 2.5-1etch1. For the upcoming stable distribution, this problem has been fixed in version 3.10-2.1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your libpam-heimdal package.
Family: unix Class: patch
Reference(s): DSA-1722-1
CVE-2009-0361
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): libpam-heimdal
Definition Id: oval:org.mitre.oval:def:13548
Title: DSA-2063-1 pmount -- insecure temporary file
Description: Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack. For the stable distribution, this problem has been fixed in version 0.9.18-2+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.23-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your pmount package.
Family: unix Class: patch
Reference(s): DSA-2063-1
CVE-2010-2192
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): pmount
Definition Id: oval:org.mitre.oval:def:13583
Title: DSA-2074-1 ncompress -- integer underflow
Description: Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution, this problem has been fixed in version 4.2.4.2-1+lenny1. For the testing and unstable distribution, this problem has been fixed in version 4.2.4.3-1. We recommend that you upgrade your ncompress package.
Family: unix Class: patch
Reference(s): DSA-2074-1
CVE-2010-0001
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): ncompress
Definition Id: oval:org.mitre.oval:def:13613
Title: DSA-1750-1 libpng -- several
Description: Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. For the old stable distribution, these problems have been fixed in version 1.2.15~beta5-1+etch2. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny2. For the unstable distribution, these problems have been fixed in version 1.2.35-1. We recommend that you upgrade your libpng packages.
Family: unix Class: patch
Reference(s): DSA-1750-1
CVE-2007-2445
CVE-2007-5269
CVE-2008-1382
CVE-2008-5907
CVE-2008-6218
CVE-2009-0040
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libpng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13723
 
Oval ID: oval:org.mitre.oval:def:13723
Title: DSA-1721-1 libpam-krb5 -- several
Description: Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. CVE-2009-0361 Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation. For the stable distribution, these problems have been fixed in version 2.6-1etch1. For the upcoming stable distribution, these problems have been fixed in version 3.11-4. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your libpam-krb5 package.
Family: unix Class: patch
Reference(s): DSA-1721-1
CVE-2009-0360
CVE-2009-0361
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): libpam-krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13797
 
Oval ID: oval:org.mitre.oval:def:13797
Title: USN-767-1 -- freetype vulnerability
Description: Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-767-1
CVE-2009-0946
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13801
 
Oval ID: oval:org.mitre.oval:def:13801
Title: USN-719-1 -- libpam-krb5 vulnerabilities
Description: It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges.
Family: unix Class: patch
Reference(s): USN-719-1
CVE-2009-0360
CVE-2009-0361
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Product(s): libpam-krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17105
 
Oval ID: oval:org.mitre.oval:def:17105
Title: USN-664-1 -- tk8.0, tk8.3, tk8.4 vulnerability
Description: It was discovered that Tk could be made to overrun a buffer when loading certain images.
Family: unix Class: patch
Reference(s): USN-664-1
CVE-2008-0553
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Product(s): tk8.0
tk8.3
tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18455
 
Oval ID: oval:org.mitre.oval:def:18455
Title: DSA-2645-1 inetutils - denial of service
Description: Ovidiu Mara reported in 2010 a vulnerability in the ping util, commonly used by system and network administrators. By carefully crafting ICMP responses, an attacker could make the ping command hang.
Family: unix Class: patch
Reference(s): DSA-2645-1
CVE-2010-2529
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): inetutils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18578
 
Oval ID: oval:org.mitre.oval:def:18578
Title: DSA-1491-1 tk8.4 - arbitrary code execution
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1491-1
CVE-2008-0553
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18666
 
Oval ID: oval:org.mitre.oval:def:18666
Title: DSA-1598-1 libtk-img - arbitrary code execution
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1598-1
CVE-2008-0553
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): libtk-img
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20168
 
Oval ID: oval:org.mitre.oval:def:20168
Title: DSA-1490-1 tk8.3 - arbitrary code execution
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1490-1
CVE-2008-0553
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): tk8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21943
 
Oval ID: oval:org.mitre.oval:def:21943
Title: RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): RHSA-2010:0039-01
CESA-2010:0039
CVE-2009-3736
Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22010
 
Oval ID: oval:org.mitre.oval:def:22010
Title: RHSA-2010:0321: automake security update (Low)
Description: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Family: unix Class: patch
Reference(s): RHSA-2010:0321-04
CVE-2009-4029
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): automake
automake14
automake15
automake16
automake17
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22074
 
Oval ID: oval:org.mitre.oval:def:22074
Title: RHSA-2010:0585: lftp security update (Moderate)
Description: The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Family: unix Class: patch
Reference(s): RHSA-2010:0585-01
CESA-2010:0585
CVE-2010-2251
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): lftp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22121
 
Oval ID: oval:org.mitre.oval:def:22121
Title: RHSA-2010:0061: gzip security update (Moderate)
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: patch
Reference(s): RHSA-2010:0061-02
CESA-2010:0061
CVE-2010-0001
Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): gzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22179
 
Oval ID: oval:org.mitre.oval:def:22179
Title: RHSA-2010:0348: kdebase security update (Important)
Description: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Family: unix Class: patch
Reference(s): RHSA-2010:0348-01
CESA-2010:0348
CVE-2010-0436
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kdebase
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22459
 
Oval ID: oval:org.mitre.oval:def:22459
Title: ELSA-2010:0348: kdebase security update (Important)
Description: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Family: unix Class: patch
Reference(s): ELSA-2010:0348-01
CVE-2010-0436
Version: 6
Platform(s): Oracle Linux 5
Product(s): kdebase
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22739
 
Oval ID: oval:org.mitre.oval:def:22739
Title: ELSA-2010:0321: automake security update (Low)
Description: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Family: unix Class: patch
Reference(s): ELSA-2010:0321-04
CVE-2009-4029
Version: 6
Platform(s): Oracle Linux 5
Product(s): automake
automake14
automake15
automake16
automake17
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22744
 
Oval ID: oval:org.mitre.oval:def:22744
Title: ELSA-2009:0333: libpng security update (Moderate)
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: patch
Reference(s): ELSA-2009:0333-01
CVE-2008-1382
CVE-2009-0040
Version: 13
Platform(s): Oracle Linux 5
Product(s): libpng
libpng10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22787
 
Oval ID: oval:org.mitre.oval:def:22787
Title: ELSA-2009:1061: freetype security update (Important)
Description: Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Family: unix Class: patch
Reference(s): ELSA-2009:1061-02
CVE-2009-0946
Version: 6
Platform(s): Oracle Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22803
 
Oval ID: oval:org.mitre.oval:def:22803
Title: ELSA-2010:0585: lftp security update (Moderate)
Description: The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Family: unix Class: patch
Reference(s): ELSA-2010:0585-01
CVE-2010-2251
Version: 6
Platform(s): Oracle Linux 5
Product(s): lftp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23003
 
Oval ID: oval:org.mitre.oval:def:23003
Title: ELSA-2010:0061: gzip security update (Moderate)
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: patch
Reference(s): ELSA-2010:0061-02
CVE-2010-0001
Version: 6
Platform(s): Oracle Linux 5
Product(s): gzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23008
 
Oval ID: oval:org.mitre.oval:def:23008
Title: ELSA-2009:1646: libtool security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2009:1646-01
CVE-2009-3736
Version: 6
Platform(s): Oracle Linux 5
Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23036
 
Oval ID: oval:org.mitre.oval:def:23036
Title: ELSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2010:0039-01
CVE-2009-3736
Version: 6
Platform(s): Oracle Linux 5
Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25255
 
Oval ID: oval:org.mitre.oval:def:25255
Title: SUSE-SU-2013:1329-1 -- Security update for automake
Description: This update of automake fixes a race condition in "distcheck". (CVE-2012-3386) Also a bug where world writeable tarballs were generated during "make dist" has been fixed (CVE-2009-4029).
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1329-1
CVE-2012-3386
CVE-2009-4029
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): automake
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27954
 
Oval ID: oval:org.mitre.oval:def:27954
Title: DEPRECATED: ELSA-2010-0321 -- automake security update (low)
Description: [1.9.6-2.3] - increase delay in self checks - add delays in aclocal7 self check http://osdir.com/ml/sysutils.automake.bugs/2006-09/msg00012.html - preserve timestamps of configure files [1.9.6-2.2] - add fix for CVE-2009-4029
Family: unix Class: patch
Reference(s): ELSA-2010-0321
CVE-2009-4029
Version: 4
Platform(s): Oracle Linux 5
Product(s): automake
automake14
automake15
automake16
automake17
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28103
 
Oval ID: oval:org.mitre.oval:def:28103
Title: DEPRECATED: ELSA-2010-0585 -- lftp security update (moderate)
Description: [3.7.11-4.el5_5.3] - Related: CVE-2010-2251 - document change of xfer:clobber default value in manpage, respect xfer:clobber on with xfer:auto-rename on (old behaviour) [3.7.11-4.el5_5.2] - Related: CVE-2010-2251 - describe new option xfer:auto-rename which could restore old behaviour in manpage [3.7.11-4.el5_5.1] - Resolves: CVE-2010-2251 - multiple HTTP client download filename vulnerability (#617870)
Family: unix Class: patch
Reference(s): ELSA-2010-0585
CVE-2010-2251
Version: 4
Platform(s): Oracle Linux 5
Product(s): lftp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29091
 
Oval ID: oval:org.mitre.oval:def:29091
Title: RHSA-2009:1061 -- freetype security update (Important)
Description: Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.
Family: unix Class: patch
Reference(s): RHSA-2009:1061
CESA-2009:1061-CentOS 5
CVE-2009-0946
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29196
 
Oval ID: oval:org.mitre.oval:def:29196
Title: RHSA-2009:0333 -- libpng security update (Moderate)
Description: Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040)
Family: unix Class: patch
Reference(s): RHSA-2009:0333
CESA-2009:0333-CentOS 2
CVE-2008-1382
CVE-2009-0040
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 2
Product(s): libpng
libpng10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29283
 
Oval ID: oval:org.mitre.oval:def:29283
Title: RHSA-2009:1646 -- libtool security update (Moderate)
Description: Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1646
CESA-2009:1646-CentOS 3
CESA-2009:1646-CentOS 5
CVE-2009-3736
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5403
 
Oval ID: oval:org.mitre.oval:def:5403
Title: A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges
Description: Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0361
Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5521
 
Oval ID: oval:org.mitre.oval:def:5521
Title: HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
Description: Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0361
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5669
 
Oval ID: oval:org.mitre.oval:def:5669
Title: HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
Description: Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0360
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5732
 
Oval ID: oval:org.mitre.oval:def:5732
Title: A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges
Description: Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0360
Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6275
 
Oval ID: oval:org.mitre.oval:def:6275
Title: mimeTeX and mathTeX Buffer Overflow and Command Injection Issues
Description: libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1382
Version: 1
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6458
 
Oval ID: oval:org.mitre.oval:def:6458
Title: Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0040
Version: 1
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6557
 
Oval ID: oval:org.mitre.oval:def:6557
Title: DSA-1750 libpng -- several vulnerabilities
Description: Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: patch
Reference(s): DSA-1750
CVE-2007-2445
CVE-2007-5269
CVE-2008-1382
CVE-2008-5907
CVE-2008-6218
CVE-2009-0040
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libpng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6951
 
Oval ID: oval:org.mitre.oval:def:6951
Title: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
Version: 6
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7228
 
Oval ID: oval:org.mitre.oval:def:7228
Title: DSA-1490 tk8.3 -- buffer overflow
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1490
CVE-2008-0553
Version: 3
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 3.1
Product(s): tk8.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7481
 
Oval ID: oval:org.mitre.oval:def:7481
Title: DSA-1958 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
Family: unix Class: patch
Reference(s): DSA-1958
CVE-2009-3736
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7511
 
Oval ID: oval:org.mitre.oval:def:7511
Title: gzip Integer Overflow Vulnerability
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0001
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7518
 
Oval ID: oval:org.mitre.oval:def:7518
Title: DSA-2037 kdebase -- race condition
Description: Sebastian Krahmer discovered that a race condition in the KDE Desktop Environment's KDM display manager allows a local user to elevate privileges to root.
Family: unix Class: patch
Reference(s): DSA-2037
CVE-2010-0436
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kdebase
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7812
 
Oval ID: oval:org.mitre.oval:def:7812
Title: DSA-1491 tk8.4 -- buffer overflow
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1491
CVE-2008-0553
Version: 3
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 3.1
Product(s): tk8.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8149
 
Oval ID: oval:org.mitre.oval:def:8149
Title: DSA-1721 libpam-krb5 -- several vulnerabilities
Description: Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation.
Family: unix Class: patch
Reference(s): DSA-1721
CVE-2009-0360
CVE-2009-0361
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): libpam-krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8163
 
Oval ID: oval:org.mitre.oval:def:8163
Title: DSA-1722 libpam-heimdal -- programming error
Description: Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to local privilege escalation.
Family: unix Class: patch
Reference(s): DSA-1722
CVE-2009-0361
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): libpam-heimdal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8224
 
Oval ID: oval:org.mitre.oval:def:8224
Title: DSA-1784 freetype -- integer overflows
Description: Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.
Family: unix Class: patch
Reference(s): DSA-1784
CVE-2009-0946
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8363
 
Oval ID: oval:org.mitre.oval:def:8363
Title: DSA-1598 libtk-img -- buffer overflow
Description: It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1598
CVE-2008-0553
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): libtk-img
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9718
 
Oval ID: oval:org.mitre.oval:def:9718
Title: Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.
Description: Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0829
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9999
 
Oval ID: oval:org.mitre.oval:def:9999
Title: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Description: Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0436
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 142
Application 263
Application 2
Application 196
Application 22
Application 36
Application 5
Application 8
Application 3
Application 11
Application 17
Application 15
Application 491
Application 2
Application 55
Application 1
Application 706
Application 8
Application 3
Application 232
Application 60
Application 116
Application 11
Application 4
Application 69
Application 1
Application 4
Application 1
Application 27
Application 58
Application