Security
Security
This page lists all security advisories that were released by the Gentoo security team. For more information, please visit our distribution's security overview.
| ID | Title |
|---|---|
| 200612-21 | Ruby: Denial of Service vulnerability |
| 200612-20 | imlib2: Multiple vulnerabilities |
| 200612-19 | pam_ldap: Authentication bypass vulnerability |
| 200612-18 | ClamAV: Denial of service |
| 200612-17 | GNU Radius: Format string vulnerability |
| 200612-16 | Links: Arbitrary Samba command execution |
| 200612-15 | McAfee VirusScan: Insecure DT_RPATH |
| 200612-14 | Trac: Cross-site request forgery |
| 200612-13 | libgsf: Buffer overflow |
| 200612-12 | F-PROT Antivirus: Multiple vulnerabilities |
| 200612-11 | AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities |
| 200612-10 | Tar: Directory traversal vulnerability |
| 200612-09 | MadWifi: Kernel driver buffer overflow |
| 200612-08 | SeaMonkey: Multiple vulnerabilities |
| 200612-07 | Mozilla Firefox: Multiple vulnerabilities |
| 200612-06 | Mozilla Thunderbird: Multiple vulnerabilities |
| 200612-05 | KOffice shared libraries: Heap corruption |
| 200612-04 | ModPlug: Multiple buffer overflows |
| 200612-03 | GnuPG: Multiple vulnerabilities |
| 200612-02 | xine-lib: Buffer overflow |
| 200612-01 | wv library: Multiple integer overflows |
| 200611-26 | ProFTPD: Remote execution of arbitrary code |
| 200611-25 | OpenLDAP: Denial of Service vulnerability |
| 200611-24 | LHa: Multiple vulnerabilities |
| 200611-23 | Mono: Insecure temporary file creation |
| 200611-22 | Ingo H3: Folder name shell command injection |
| 200611-21 | Kile: Incorrect backup file permission |
| 200611-20 | GNU gv: Stack overflow |
| 200611-19 | ImageMagick: PALM and DCM buffer overflows |
| 200611-18 | TIN: Multiple buffer overflows |
| 200611-17 | fvwm: fvwm-menu-directory fvwm command injection |
| 200611-16 | Texinfo: Buffer overflow |
| 200611-15 | qmailAdmin: Buffer overflow |
| 200611-14 | TORQUE: Insecure temporary file creation |
| 200611-13 | Avahi: "netlink" message vulnerability |
| 200611-12 | Ruby: Denial of Service vulnerability |
| 200611-11 | TikiWiki: Multiple vulnerabilities |
| 200611-10 | WordPress: Multiple vulnerabilities |
| 200611-09 | libpng: Denial of service |
| 200611-08 | RPM: Buffer overflow |
| 200611-07 | GraphicsMagick: PALM and DCM buffer overflows |
| 200611-06 | OpenSSH: Multiple Denial of Service vulnerabilities |
| 200611-05 | Netkit FTP Server: Privilege escalation |
| 200611-04 | Bugzilla: Multiple Vulnerabilities |
| 200611-03 | NVIDIA binary graphics driver: Privilege escalation vulnerability |
| 200611-02 | Qt: Integer overflow |
| 200611-01 | Screen: UTF-8 character handling vulnerability |
| 200610-15 | Asterisk: Multiple vulnerabilities |
| 200610-14 | PHP: Integer overflow |
| 200610-13 | Cheese Tracker: Buffer Overflow |
| 200610-12 | Apache mod_tcl: Format string vulnerability |
| 200610-11 | OpenSSL: Multiple vulnerabilities |
| 200610-10 | ClamAV: Multiple Vulnerabilities |
| 200610-09 | libmusicbrainz: Multiple buffer overflows |
| 200610-08 | Cscope: Multiple buffer overflows |
| 200610-07 | Python: Buffer Overflow |
| 200610-06 | Mozilla Network Security Service (NSS): RSA signature forgery |
| 200610-05 | CAPI4Hylafax fax receiver: Execution of arbitrary code |
| 200610-04 | Seamonkey: Multiple vulnerabilities |
| 200610-03 | ncompress: Buffer Underflow |
| 200610-02 | Adobe Flash Player: Arbitrary code execution |
| 200610-01 | Mozilla Thunderbird: Multiple vulnerabilities |
| 200609-20 | DokuWiki: Shell command injection and Denial of service |
| 200609-19 | Mozilla Firefox: Multiple vulnerabilities |
| 200609-18 | Opera: RSA signature forgery |
| 200609-17 | OpenSSH: Denial of service |
| 200609-16 | Tikiwiki: Arbitrary command execution |
| 200609-15 | GnuTLS: RSA Signature Forgery |
| 200609-14 | ImageMagick: Multiple Vulnerabilities |
| 200609-13 | gzip: Multiple vulnerabilities |
| 200609-12 | Mailman: Multiple vulnerabilities |
| 200609-11 | BIND: Denial of service |
| 200609-10 | DokuWiki: Arbitrary command execution |
| 200609-09 | FFmpeg: Buffer overflows |
| 200609-08 | xine-lib: Buffer overflows |
| 200609-07 | LibXfont, monolithic X.org: Multiple integer overflows |
| 200609-06 | AdPlug: Multiple vulnerabilities |
| 200609-05 | OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery |
| 200609-04 | LibXfont: Multiple integer overflows |
| 200609-03 | OpenTTD: Remote Denial of service |
| 200609-02 | GTetrinet: Remote code execution |
| 200609-01 | Streamripper: Multiple remote buffer overflows |
| 200608-28 | PHP: Arbitary code execution |
| 200608-27 | Motor: Execution of arbitrary code |
| 200608-26 | Wireshark: Multiple vulnerabilities |
| 200608-25 | X.org and some X.org libraries: Local privilege escalations |
| 200608-24 | AlsaPlayer: Multiple buffer overflows |
| 200608-23 | Heartbeat: Denial of service |
| 200608-22 | fbida: Arbitrary command execution |
| 200608-21 | Heimdal: Multiple local privilege escalation vulnerabilities |
| 200608-20 | Ruby on Rails: Several vulnerabilities |
| 200608-19 | WordPress: Privilege escalation |
| 200608-18 | Net::Server: Format string vulnerability |
| 200608-17 | libwmf: Buffer overflow vulnerability |
| 200608-16 | Warzone 2100 Resurrection: Multiple buffer overflows |
| 200608-15 | MIT Kerberos 5: Multiple local privilege escalation vulnerabilities |
| 200608-14 | DUMB: Heap buffer overflow |
| 200608-13 | ClamAV: Heap buffer overflow |
| 200608-12 | x11vnc: Authentication bypass in included LibVNCServer code |
| 200608-11 | Webmin, Usermin: File Disclosure |
| 200608-10 | pike: SQL injection vulnerability |
| 200608-09 | MySQL: Denial of service |
| 200608-08 | GnuPG: Integer overflow vulnerability |
| 200608-07 | libTIFF: Multiple vulnerabilities |
| 200608-06 | Courier MTA: Denial of Service vulnerability |
| 200608-05 | LibVNCServer: Authentication bypass |
| 200608-04 | Mozilla Thunderbird: Multiple vulnerabilities |
| 200608-03 | Mozilla Firefox: Multiple vulnerabilities |
| 200608-02 | Mozilla SeaMonkey: Multiple vulnerabilities |
| 200608-01 | Apache: Off-by-one flaw in mod_rewrite |
| 200607-13 | Audacious: Multiple heap and buffer overflows |
| 200607-12 | OpenOffice.org: Multiple vulnerabilities |
| 200607-11 | TunePimp: Buffer overflow |
| 200607-10 | Samba: Denial of Service vulnerability |
| 200607-09 | Wireshark: Multiple vulnerabilities |
| 200607-08 | GIMP: Buffer overflow |
| 200607-07 | xine-lib: Buffer overflow |
| 200607-06 | libpng: Buffer overflow |
| 200607-05 | SHOUTcast server: Multiple vulnerabilities |
| 200607-04 | PostgreSQL: SQL injection |
| 200607-03 | libTIFF: Multiple buffer overflows |
| 200607-02 | FreeType: Multiple integer overflows |
| 200607-01 | mpg123: Heap overflow |
| 200606-30 | Kiax: Arbitrary code execution |
| 200606-29 | Tikiwiki: SQL injection and multiple XSS vulnerabilities |
| 200606-28 | Horde Web Application Framework: XSS vulnerability |
| 200606-27 | Mutt: Buffer overflow |
| 200606-26 | EnergyMech: Denial of service |
| 200606-25 | Hashcash: Possible heap overflow |
| 200606-24 | wv2: Integer overflow |
| 200606-23 | KDM: Symlink vulnerability |
| 200606-22 | aRts: Privilege escalation |
| 200606-21 | Mozilla Thunderbird: Multiple vulnerabilities |
| 200606-20 | Typespeed: Remote execution of arbitrary code |
| 200606-19 | Sendmail: Denial of service |
| 200606-18 | PAM-MySQL: Multiple vulnerabilities |
| 200606-17 | OpenLDAP: Buffer overflow |
| 200606-16 | DokuWiki: PHP code injection |
| 200606-15 | Asterisk: IAX2 video frame buffer overflow |
| 200606-14 | GDM: Privilege escalation |
| 200606-13 | MySQL: SQL Injection |
| 200606-12 | Mozilla Firefox: Multiple vulnerabilities |
| 200606-11 | JPEG library: Denial of service |
| 200606-10 | Cscope: Many buffer overflows |
| 200606-09 | SpamAssassin: Execution of arbitrary code |
| 200606-08 | WordPress: Arbitrary command execution |
| 200606-07 | Vixie Cron: Privilege Escalation |
| 200606-06 | AWStats: Remote execution of arbitrary code |
| 200606-05 | Pound: HTTP request smuggling |
| 200606-04 | Tor: Several vulnerabilities |
| 200606-03 | Dia: Format string vulnerabilities |
| 200606-02 | shadow: Privilege escalation |
| 200606-01 | Opera: Buffer overflow |
| 200605-17 | libTIFF: Multiple vulnerabilities |
| 200605-16 | CherryPy: Directory traversal vulnerability |
| 200605-15 | Quagga Routing Suite: Multiple vulnerabilities |
| 200605-14 | libextractor: Two heap-based buffer overflows |
| 200605-13 | MySQL: Information leakage |
| 200605-12 | Quake 3 engine based games: Buffer Overflow |
| 200605-11 | Ruby: Denial of service |
| 200605-10 | pdnsd: Denial of Service and potential arbitrary code execution |
| 200605-09 | Mozilla Thunderbird: Multiple vulnerabilities |
| 200605-08 | PHP: Multiple vulnerabilities |
| 200605-07 | Nagios: Buffer overflow |
| 200605-06 | Mozilla Firefox: Potential remote code execution |
| 200605-05 | rsync: Potential integer overflow |
| 200605-04 | phpWebSite: Local file inclusion |
| 200605-03 | ClamAV: Buffer overflow in Freshclam |
| 200605-02 | X.Org: Buffer overflow in XRender extension |
| 200605-01 | MPlayer: Heap-based buffer overflow |
| 200604-18 | Mozilla Suite: Multiple vulnerabilities |
| 200604-17 | Ethereal: Multiple vulnerabilities in protocol dissectors |
| 200604-16 | xine-lib: Buffer overflow vulnerability |
| 200604-15 | xine-ui: Format string vulnerabilities |
| 200604-14 | Dia: Arbitrary code execution through XFig import |
| 200604-13 | fbida: Insecure temporary file creation |
| 200604-12 | Mozilla Firefox: Multiple vulnerabilities |
| 200604-11 | Crossfire server: Denial of Service and potential arbitrary code execution |
| 200604-10 | zgv, xzgv: Heap overflow |
| 200604-09 | Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service |
| 200604-08 | libapreq2: Denial of Service vulnerability |
| 200604-07 | Cacti: Multiple vulnerabilities in included ADOdb |
| 200604-06 | ClamAV: Multiple vulnerabilities |
| 200604-05 | Doomsday: Format string vulnerability |
| 200604-04 | Kaffeine: Buffer overflow |
| 200604-03 | FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module |
| 200604-02 | Horde Application Framework: Remote code execution |
| 200604-01 | MediaWiki: Cross-site scripting vulnerability |
| 200603-26 | bsd-games: Local privilege escalation in tetris-bsd |
| 200603-25 | OpenOffice.org: Heap overflow in included libcurl |
| 200603-24 | RealPlayer: Buffer overflow vulnerability |
| 200603-23 | NetHack, Slash'EM, Falcon's Eye: Local privilege escalation |
| 200603-22 | PHP: Format string and XSS vulnerabilities |
| 200603-21 | Sendmail: Race condition in the handling of asynchronous signals |
| 200603-20 | Macromedia Flash Player: Arbitrary code execution |
| 200603-19 | cURL/libcurl: Buffer overflow in the handling of TFTP URLs |
| 200603-18 | Pngcrush: Buffer overflow |
| 200603-17 | PeerCast: Buffer overflow |
| 200603-16 | Metamail: Buffer overflow |
| 200603-15 | Crypt::CBC: Insecure initialization vector |
| 200603-14 | Heimdal: rshd privilege escalation |
| 200603-13 | PEAR-Auth: Potential authentication bypass |
| 200603-12 | zoo: Buffer overflow |
| 200603-11 | Freeciv: Denial of service |
| 200603-10 | Cube: Multiple vulnerabilities |
| 200603-09 | SquirrelMail: Cross-site scripting and IMAP command injection |
| 200603-08 | GnuPG: Incorrect signature verification |
| 200603-07 | flex: Potential insecure code generation |
| 200603-06 | GNU tar: Buffer overflow |
| 200603-05 | zoo: Stack-based buffer overflow |
| 200603-04 | IMAP Proxy: Format string vulnerabilities |
| 200603-03 | MPlayer: Multiple integer overflows |
| 200603-02 | teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code |
| 200603-01 | WordPress: SQL injection vulnerability |
| 200602-14 | noweb: Insecure temporary file creation |
| 200602-13 | GraphicsMagick: Format string vulnerability |
| 200602-12 | GPdf: heap overflows in included Xpdf code |
| 200602-11 | OpenSSH, Dropbear: Insecure use of system() call |
| 200602-10 | GnuPG: Incorrect signature verification |
| 200602-09 | BomberClone: Remote execution of arbitrary code |
| 200602-08 | libtasn1, GNU TLS: Security flaw in DER decoding |
| 200602-07 | Sun JDK/JRE: Applet privilege escalation |
| 200602-06 | ImageMagick: Format string vulnerability |
| 200602-05 | KPdf: Heap based overflow |
| 200602-04 | Xpdf, Poppler: Heap overflow |
| 200602-03 | Apache: Multiple vulnerabilities |
| 200602-02 | ADOdb: PostgresSQL command injection |
| 200602-01 | GStreamer FFmpeg plugin: Heap-based buffer overflow |
| 200601-17 | Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows |
| 200601-16 | MyDNS: Denial of service |
| 200601-15 | Paros: Default administrator password |
| 200601-14 | LibAST: Privilege escalation |
| 200601-13 | Gallery: Cross-site scripting vulnerability |
| 200601-12 | Trac: Cross-site scripting vulnerability |
| 200601-11 | KDE kjs: URI heap overflow vulnerability |
| 200601-10 | Sun and Blackdown Java: Applet privilege escalation |
| 200601-09 | Wine: Windows Metafile SETABORTPROC vulnerability |
| 200601-08 | Blender: Heap-based buffer overflow |
| 200601-07 | ClamAV: Remote execution of arbitrary code |
| 200601-06 | xine-lib, FFmpeg: Heap-based buffer overflow |
| 200601-05 | mod_auth_pgsql: Multiple format string vulnerabilities |
| 200601-04 | VMware Workstation: Vulnerability in NAT networking |
| 200601-03 | HylaFAX: Multiple vulnerabilities |
| 200601-02 | KPdf, KWord: Multiple overflows in included Xpdf code |
| 200601-01 | pinentry: Local privilege escalation |