This page lists all security advisories that were released by the Gentoo security team. For more information, please visit our distribution's security overview.

| ID | Title |
|---|---|
| 200512-18 | XnView: Privilege escalation |
| 200512-17 | scponly: Multiple privilege escalation issues |
| 200512-16 | OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library |
| 200512-15 | rssh: Privilege escalation |
| 200512-14 | NBD Tools: Buffer overflow in NBD server |
| 200512-13 | Dropbear: Privilege escalation |
| 200512-12 | Mantis: Multiple vulnerabilities |
| 200512-11 | CenterICQ: Multiple vulnerabilities |
| 200512-10 | Opera: Command-line URL shell command injection |
| 200512-09 | cURL: Off-by-one errors in URL handling |
| 200512-08 | Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities |
| 200512-07 | OpenLDAP, Gauche: RUNPATH issues |
| 200512-06 | Ethereal: Buffer overflow in OSPF protocol dissector |
| 200512-05 | Xmail: Privilege escalation through sendmail |
| 200512-04 | Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation |
| 200512-03 | phpMyAdmin: Multiple vulnerabilities |
| 200512-02 | Webmin, Usermin: Format string vulnerability |
| 200512-01 | Perl: Format string errors can lead to code execution |
| 200511-23 | chmlib, KchmViewer: Stack-based buffer overflow |
| 200511-22 | Inkscape: Buffer overflow |
| 200511-21 | Macromedia Flash Player: Remote arbitrary code execution |
| 200511-20 | Horde Application Framework: XSS vulnerability |
| 200511-19 | eix: Insecure temporary file creation |
| 200511-18 | phpSysInfo: Multiple vulnerabilities |
| 200511-17 | FUSE: mtab corruption through fusermount |
| 200511-16 | GNUMP3d: Directory traversal and insecure temporary file creation |
| 200511-15 | Smb4k: Local unauthorized file access |
| 200511-14 | GTK+ 2, GdkPixbuf: Multiple XPM decoding vulnerabilities |
| 200511-13 | Sylpheed, Sylpheed-Claws: Buffer overflow in LDIF importer |
| 200511-12 | Scorched 3D: Multiple vulnerabilities |
| 200511-11 | linux-ftpd-ssl: Remote buffer overflow |
| 200511-10 | RAR: Format string and buffer overflow vulnerabilities |
| 200511-09 | Lynx: Arbitrary command execution |
| 200511-08 | PHP: Multiple vulnerabilities |
| 200511-07 | OpenVPN: Multiple vulnerabilities |
| 200511-06 | fetchmail: Password exposure in fetchmailconf |
| 200511-05 | GNUMP3d: Directory traversal and XSS vulnerabilities |
| 200511-04 | ClamAV: Multiple vulnerabilities |
| 200511-03 | giflib: Multiple vulnerabilities |
| 200511-02 | QDBM, ImageMagick, GDAL: RUNPATH issues |
| 200511-01 | libgda: Format string vulnerabilities |
| 200510-26 | XLI, Xloadimage: Buffer overflow |
| 200510-25 | Ethereal: Multiple vulnerabilities in protocol dissectors |
| 200510-24 | Mantis: Multiple vulnerabilities |
| 200510-23 | TikiWiki: XSS vulnerability |
| 200510-22 | SELinux PAM: Local password guessing attack |
| 200510-21 | phpMyAdmin: Local file inclusion and XSS vulnerabilities |
| 200510-20 | Zope: File inclusion through RestructuredText |
| 200510-19 | cURL: NTLM username stack overflow |
| 200510-18 | Netpbm: Buffer overflow in pnmtopng |
| 200510-17 | AbiWord: New RTF import buffer overflows |
| 200510-16 | phpMyAdmin: Local file inclusion vulnerability |
| 200510-15 | Lynx: Buffer overflow in NNTP processing |
| 200510-14 | Perl, Qt-UnixODBC, CMake: RUNPATH issues |
| 200510-13 | SPE: Insecure file permissions |
| 200510-12 | KOffice, KWord: RTF import buffer overflow |
| 200510-11 | OpenSSL: SSL 2.0 protocol rollback |
| 200510-10 | uw-imap: Remote buffer overflow |
| 200510-09 | Weex: Format string vulnerability |
| 200510-08 | xine-lib: Format string vulnerability |
| 200510-07 | RealPlayer, Helix Player: Format string vulnerability |
| 200510-06 | Dia: Arbitrary code execution through SVG import |
| 200510-05 | Ruby: Security bypass vulnerability |
| 200510-04 | Texinfo: Insecure temporary file creation |
| 200510-03 | Uim: Privilege escalation vulnerability |
| 200510-02 | Berkeley MPEG Tools: Multiple insecure temporary files |
| 200510-01 | gtkdiskfree: Insecure temporary file creation |
| 200509-21 | Hylafax: Insecure temporary file creation in xferfaxstats script |
| 200509-20 | AbiWord: RTF import stack-based buffer overflow |
| 200509-19 | PHP: Vulnerabilities in included PCRE and XML-RPC libraries |
| 200509-18 | Qt: Buffer overflow in the included zlib library |
| 200509-17 | Webmin, Usermin: Remote code execution through PAM authentication |
| 200509-16 | Mantis: XSS and SQL injection vulnerabilities |
| 200509-15 | util-linux: umount command validation error |
| 200509-14 | Zebedee: Denial of Service vulnerability |
| 200509-13 | Clam AntiVirus: Multiple vulnerabilities |
| 200509-12 | Apache, mod_ssl: Multiple vulnerabilities |
| 200509-11 | Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities |
| 200509-10 | Mailutils: Format string vulnerability in imap4d |
| 200509-09 | Py2Play: Remote execution of arbitrary Python code |
| 200509-08 | Python: Heap overflow in the included PCRE library |
| 200509-07 | X.Org: Heap overflow in pixmap allocation |
| 200509-06 | Squid: Denial of Service vulnerabilities |
| 200509-05 | Net-SNMP: Insecure RPATH |
| 200509-04 | phpLDAPadmin: Authentication bypass |
| 200509-03 | OpenTTD: Format string vulnerabilities |
| 200509-02 | Gnumeric: Heap overflow in the included PCRE library |
| 200509-01 | MPlayer: Heap overflow in ad_pcm.c |
| 200508-22 | pam_ldap: Authentication bypass vulnerability |
| 200508-21 | phpWebSite: Arbitrary command execution through XML-RPC and SQL injection |
| 200508-20 | phpGroupWare: Multiple vulnerabilities |
| 200508-19 | lm_sensors: Insecure temporary file creation |
| 200508-18 | PhpWiki: Arbitrary command execution through XML-RPC |
| 200508-17 | libpcre: Heap integer overflow |
| 200508-16 | Tor: Information disclosure |
| 200508-15 | Apache 2.0: Denial of Service vulnerability |
| 200508-14 | TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC |
| 200508-13 | PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability |
| 200508-12 | Evolution: Format string vulnerabilities |
| 200508-11 | Adobe Reader: Buffer Overflow |
| 200508-10 | Kismet: Multiple vulnerabilities |
| 200508-09 | bluez-utils: Bluetooth device name validation vulnerability |
| 200508-08 | Xpdf, Kpdf, GPdf: Denial of Service vulnerability |
| 200508-07 | AWStats: Arbitrary code execution using malicious Referrer information |
| 200508-06 | Gaim: Remote execution of arbitrary code |
| 200508-05 | Heartbeat: Insecure temporary file creation |
| 200508-04 | Netpbm: Arbitrary code execution in pstopnm |
| 200508-03 | nbSMTP: Format string vulnerability |
| 200508-02 | ProFTPD: Format string vulnerabilities |
| 200508-01 | Compress::Zlib: Buffer overflow |
| 200507-29 | pstotext: Remote execution of arbitrary code |
| 200507-28 | AMD64 x86 emulation base libraries: Buffer overflow |
| 200507-27 | Ethereal: Multiple vulnerabilities |
| 200507-26 | GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library |
| 200507-25 | Clam AntiVirus: Integer overflows |
| 200507-24 | Mozilla Suite: Multiple vulnerabilities |
| 200507-23 | Kopete: Vulnerability in included Gadu library |
| 200507-22 | sandbox: Insecure temporary file handling |
| 200507-21 | fetchmail: Buffer Overflow |
| 200507-20 | Shorewall: Security policy bypass |
| 200507-19 | zlib: Buffer overflow |
| 200507-18 | MediaWiki: Cross-site scripting vulnerability |
| 200507-17 | Mozilla Thunderbird: Multiple vulnerabilities |
| 200507-16 | dhcpcd: Denial of Service vulnerability |
| 200507-15 | PHP: Script injection through XML-RPC |
| 200507-14 | Mozilla Firefox: Multiple vulnerabilities |
| 200507-13 | pam_ldap and nss_ldap: Plain text authentication leak |
| 200507-12 | Bugzilla: Unauthorized access and information disclosure |
| 200507-11 | MIT Kerberos 5: Multiple vulnerabilities |
| 200507-10 | Ruby: Arbitrary command execution through XML-RPC |
| 200507-09 | Adobe Acrobat Reader: Buffer overflow vulnerability |
| 200507-08 | phpGroupWare, eGroupWare: PHP script injection vulnerability |
| 200507-07 | phpWebSite: Multiple vulnerabilities |
| 200507-06 | TikiWiki: Arbitrary command execution through XML-RPC |
| 200507-05 | zlib: Buffer overflow |
| 200507-04 | RealPlayer: Heap overflow vulnerability |
| 200507-03 | phpBB: Arbitrary command execution |
| 200507-02 | WordPress: Multiple vulnerabilities |
| 200507-01 | PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability |
| 200506-24 | Heimdal: Buffer overflow vulnerabilities |
| 200506-23 | Clam AntiVirus: Denial of Service vulnerability |
| 200506-22 | sudo: Arbitrary command execution |
| 200506-21 | Trac: File upload vulnerability |
| 200506-20 | Cacti: Several vulnerabilities |
| 200506-19 | SquirrelMail: Several XSS vulnerabilities |
| 200506-18 | Tor: Information disclosure |
| 200506-17 | SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability |
| 200506-16 | cpio: Directory traversal vulnerability |
| 200506-15 | PeerCast: Format string vulnerability |
| 200506-14 | Sun and Blackdown Java: Applet privilege escalation |
| 200506-13 | webapp-config: Insecure temporary file handling |
| 200506-12 | MediaWiki: Cross-site scripting vulnerability |
| 200506-11 | Gaim: Denial of Service vulnerabilities |
| 200506-10 | LutelWall: Insecure temporary file creation |
| 200506-09 | gedit: Format string vulnerability |
| 200506-08 | GNU shtool, ocaml-mysql: Insecure temporary file creation |
| 200506-07 | Ettercap: Format string vulnerability |
| 200506-06 | libextractor: Multiple overflow vulnerabilities |
| 200506-05 | SilverCity: Insecure file permissions |
| 200506-04 | WordPress: Multiple vulnerabilities |
| 200506-03 | Dzip: Directory traversal vulnerability |
| 200506-02 | Mailutils: SQL Injection |
| 200506-01 | Binutils, elfutils: Buffer overflow |
| 200505-20 | Mailutils: Multiple vulnerabilities in imap4d and mail |
| 200505-19 | gxine: Format string vulnerability |
| 200505-18 | Net-SNMP: fixproc insecure temporary file creation |
| 200505-17 | Qpopper: Multiple Vulnerabilities |
| 200505-16 | ImageMagick, GraphicsMagick: Denial of Service vulnerability |
| 200505-15 | gdb: Multiple vulnerabilities |
| 200505-14 | Cheetah: Untrusted module search path |
| 200505-13 | FreeRADIUS: SQL injection and Denial of Service vulnerability |
| 200505-12 | PostgreSQL: Multiple vulnerabilities |
| 200505-11 | Mozilla Suite, Mozilla Firefox: Remote compromise |
| 200505-10 | phpBB: Cross-Site Scripting Vulnerability |
| 200505-09 | Gaim: Denial of Service and buffer overflow vulnerabilities |
| 200505-08 | HT Editor: Multiple buffer overflows |
| 200505-07 | libTIFF: Buffer overflow |
| 200505-06 | TCPDump: Decoding routines Denial of Service vulnerability |
| 200505-05 | gzip: Multiple vulnerabilities |
| 200505-04 | GnuTLS: Denial of Service vulnerability |
| 200505-03 | Ethereal: Numerous vulnerabilities |
| 200505-02 | Oops!: Remote code execution |
| 200505-01 | Horde Framework: Multiple XSS vulnerabilities |
| 200504-30 | phpMyAdmin: Insecure SQL script installation |
| 200504-29 | Pound: Buffer overflow vulnerability |
| 200504-28 | Heimdal: Buffer overflow vulnerabilities |
| 200504-27 | xine-lib: Two heap overflow vulnerabilities |
| 200504-26 | Convert-UUlib: Buffer overflow |
| 200504-25 | Rootkit Hunter: Insecure temporary file creation |
| 200504-24 | eGroupWare: XSS and SQL injection vulnerabilities |
| 200504-23 | Kommander: Insecure remote script execution |
| 200504-22 | KDE kimgio: PCX handling buffer overflow |
| 200504-21 | RealPlayer, Helix Player: Buffer overflow vulnerability |
| 200504-20 | openMosixview: Insecure temporary file creation |
| 200504-19 | MPlayer: Two heap overflow vulnerabilities |
| 200504-18 | Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities |
| 200504-17 | XV: Multiple vulnerabilities |
| 200504-16 | CVS: Multiple vulnerabilities |
| 200504-15 | PHP: Multiple vulnerabilities |
| 200504-14 | monkeyd: Multiple vulnerabilities |
| 200504-13 | OpenOffice.Org: DOC document Heap Overflow |
| 200504-12 | rsnapshot: Local privilege escalation |
| 200504-11 | JunkBuster: Multiple vulnerabilities |
| 200504-10 | Gld: Remote execution of arbitrary code |
| 200504-09 | Axel: Vulnerability in HTTP redirection handling |
| 200504-08 | phpMyAdmin: Cross-site scripting vulnerability |
| 200504-07 | GnomeVFS, libcdaudio: CDDB response overflow |
| 200504-06 | sharutils: Insecure temporary file creation |
| 200504-05 | Gaim: Denial of Service issues |
| 200504-04 | mit-krb5: Multiple buffer overflows in telnet client |
| 200504-03 | Dnsmasq: Poisoning and Denial of Service vulnerabilities |
| 200504-02 | Sylpheed, Sylpheed-claws: Buffer overflow on message display |
| 200504-01 | telnet-bsd: Multiple buffer overflows |
| 200503-37 | LimeWire: Disclosure of sensitive information |
| 200503-36 | netkit-telnetd: Buffer overflow |
| 200503-35 | Smarty: Template vulnerability |
| 200503-34 | mpg321: Format string vulnerability |
| 200503-33 | IPsec-Tools: racoon Denial of service |
| 200503-32 | Mozilla Thunderbird: Multiple vulnerabilities |
| 200503-31 | Mozilla Firefox: Multiple vulnerabilities |
| 200503-30 | Mozilla Suite: Multiple vulnerabilities |
| 200503-29 | GnuPG: OpenPGP protocol attack |
| 200503-28 | Sun Java: Web Start argument injection vulnerability |
| 200503-27 | Xzabite dyndnsupdate: Multiple vulnerabilities |
| 200503-26 | Sylpheed, Sylpheed-claws: Message reply overflow |
| 200503-25 | OpenSLP: Multiple buffer overflows |
| 200503-24 | LTris: Buffer overflow |
| 200503-23 | rxvt-unicode: Buffer overflow |
| 200503-22 | KDE: Local Denial of service |
| 200503-21 | Grip: CDDB response overflow |
| 200503-20 | curl: NTLM response buffer overflow |
| 200503-19 | MySQL: Multiple vulnerabilities |
| 200503-18 | Ringtone Tools: Buffer overflow vulnerability |
| 200503-17 | libexif: Buffer overflow vulnerability |
| 200503-16 | Ethereal: Multiple vulnerabilities |
| 200503-15 | X.org: libXpm vulnerability |
| 200503-14 | KDE dcopidlng: Insecure temporary file creation |
| 200503-13 | mlterm: Integer overflow vulnerability |
| 200503-12 | Hashcash: Format string vulnerability |
| 200503-11 | ImageMagick: Filename handling vulnerability |
| 200503-10 | Mozilla Firefox: Various vulnerabilities |
| 200503-09 | xv: Filename handling vulnerability |
| 200503-08 | OpenMotif, LessTif: New libXpm buffer overflows |
| 200503-07 | phpMyAdmin: Multiple vulnerabilities |
| 200503-06 | BidWatcher: Format string vulnerability |
| 200503-05 | xli, xloadimage: Multiple vulnerabilities |
| 200503-04 | phpWebSite: Arbitrary PHP execution and path disclosure |
| 200503-03 | Gaim: Multiple Denial of Service issues |
| 200503-02 | phpBB: Multiple vulnerabilities |
| 200503-01 | Qt: Untrusted library search path |
| 200502-33 | MediaWiki: Multiple vulnerabilities |
| 200502-32 | UnAce: Buffer overflow and directory traversal vulnerabilities |
| 200502-31 | uim: Privilege escalation vulnerability |
| 200502-30 | cmd5checkpw: Local password leak vulnerability |
| 200502-29 | Cyrus IMAP Server: Multiple overflow vulnerabilities |
| 200502-28 | PuTTY: Remote code execution |
| 200502-27 | gFTP: Directory traversal vulnerability |
| 200502-26 | GProFTPD: gprostats format string vulnerability |
| 200502-25 | Squid: Denial of Service through DNS responses |
| 200502-24 | Midnight Commander: Multiple vulnerabilities |
| 200502-23 | KStars: Buffer overflow in fliccd |
| 200502-22 | wpa_supplicant: Buffer overflow vulnerability |
| 200502-21 | lighttpd: Script source disclosure |
| 200502-20 | Emacs, XEmacs: Format string vulnerabilities in movemail |
| 200502-19 | PostgreSQL: Buffer overflows in PL/PgSQL parser |
| 200502-18 | VMware Workstation: Untrusted library search path |
| 200502-17 | Opera: Multiple vulnerabilities |
| 200502-16 | ht://Dig: Cross-site scripting vulnerability |
| 200502-15 | PowerDNS: Denial of Service vulnerability |
| 200502-14 | mod_python: Publisher Handler vulnerability |
| 200502-13 | Perl: Vulnerabilities in perl-suid wrapper |
| 200502-12 | Webmin: Information leak in Gentoo binary package |
| 200502-11 | Mailman: Directory traversal vulnerability |
| 200502-10 | pdftohtml: Vulnerabilities in included Xpdf |
| 200502-09 | Python: Arbitrary code execution through SimpleXMLRPCServer |
| 200502-08 | PostgreSQL: Multiple vulnerabilities |
| 200502-07 | OpenMotif: Multiple vulnerabilities in libXpm |
| 200502-06 | LessTif: Multiple vulnerabilities in libXpm |
| 200502-05 | Newspost: Buffer overflow vulnerability |
| 200502-04 | Squid: Multiple vulnerabilities |
| 200502-03 | enscript: Multiple vulnerabilities |
| 200502-02 | UW IMAP: CRAM-MD5 authentication bypass |
| 200502-01 | FireHOL: Insecure temporary file creation |
| 200501-46 | ClamAV: Multiple issues |
| 200501-45 | Gallery: Cross-site scripting vulnerability |
| 200501-44 | ncpfs: Multiple vulnerabilities |
| 200501-43 | f2c: Insecure temporary file creation |
| 200501-42 | VDR: Arbitrary file overwriting issue |
| 200501-41 | TikiWiki: Arbitrary command execution |
| 200501-40 | ngIRCd: Buffer overflow |
| 200501-39 | SquirrelMail: Multiple vulnerabilities |
| 200501-38 | Perl: rmtree and DBI tmpfile vulnerabilities |
| 200501-37 | GraphicsMagick: PSD decoding heap overflow |
| 200501-36 | AWStats: Remote code execution |
| 200501-35 | Evolution: Integer overflow in camel-lock-helper |
| 200501-34 | Konversation: Various vulnerabilities |
| 200501-33 | MySQL: Insecure temporary file creation |
| 200501-32 | KPdf, KOffice: Stack overflow in included Xpdf code |
| 200501-31 | teTeX, pTeX, CSTeX: Multiple vulnerabilities |
| 200501-30 | CUPS: Stack overflow in included Xpdf code |
| 200501-29 | Mailman: Cross-site scripting vulnerability |
| 200501-28 | Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2 |
| 200501-27 | Ethereal: Multiple vulnerabilities |
| 200501-26 | ImageMagick: PSD decoding heap overflow |
| 200501-25 | Squid: Multiple vulnerabilities |
| 200501-24 | tnftp: Arbitrary file overwriting |
| 200501-23 | Exim: Two buffer overflows |
| 200501-22 | poppassd_pam: Unauthorized password changing |
| 200501-21 | HylaFAX: hfaxd unauthorized login vulnerability |
| 200501-20 | o3read: Buffer overflow during file conversion |
| 200501-19 | imlib2: Buffer overflows in image decoding |
| 200501-18 | KDE FTP KIOslave: Command injection |
| 200501-17 | KPdf, KOffice: More vulnerabilities in included Xpdf |
| 200501-16 | Konqueror: Java sandbox vulnerabilities |
| 200501-15 | UnRTF: Buffer overflow |
| 200501-14 | mpg123: Buffer overflow |
| 200501-13 | pdftohtml: Vulnerabilities in included Xpdf |
| 200501-12 | TikiWiki: Arbitrary command execution |
| 200501-11 | Dillo: Format string vulnerability |
| 200501-10 | Vilistextum: Buffer overflow vulnerability |
| 200501-09 | xzgv: Multiple overflows |
| 200501-08 | phpGroupWare: Various vulnerabilities |
| 200501-07 | xine-lib: Multiple overflows |
| 200501-06 | tiff: New overflows in image decoding |
| 200501-05 | mit-krb5: Heap overflow in libkadm5srv |
| 200501-04 | Shoutcast Server: Remote code execution |
| 200501-03 | Mozilla, Firefox, Thunderbird: Various vulnerabilities |
| 200501-02 | a2ps: Multiple vulnerabilities |
| 200501-01 | LinPopUp: Buffer overflow in message reply |