emerge

[ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure

Impact
======

A local attacker could recover the SSL keys from publicly readable
binary packages when "emerge" is called with the "--buildpkg (-b)" or
"--buildpkgonly (-B)" option. Remote attackers can recover these keys
if the packages are served to a network. Binary packages built using
"quickpkg" are not affected.

Workaround

[ GLSA 200911-02 ] Sun JDK/JRE: Multiple vulnerabilities

Resolution
==========

All Sun JRE 1.5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-java/sun-jre-bin-1.5.0.22

All Sun JRE 1.6.x users should upgrade to the latest version:

    # emerge --sync

[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities

Resolution
==========

All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=dev-db/postgresql-base-8.2.22:8.2"

All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:

  # emerge --sync

[ GLSA 200808-03 ] Mozilla products: Multiple vulnerabilities

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=www-client/mozilla-firefox-2.0.0.16"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation

Resolution
==========

All aterm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"

All Eterm users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask -1 -v ">=www-client/mozilla-firefox-2.0.0.14"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200708-09 ] Mozilla products: Multiple vulnerabilities

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.6"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200805-01 ] Horde Application Framework: Multiple vulnerabilities

Resolution
==========

All Horde Application Framework users should upgrade to the latest
version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=www-apps/horde-3.1.7"

All horde-groupware users should upgrade to the latest version:

   # emerge --sync

[ GLSA 200711-14 ] Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.9"

All Mozilla Firefox binary users should upgrade to the latest version:

   # emerge --sync

[ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code

Resolution
==========

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.1-r1"

All KPDF users should upgrade to the latest version:

    # emerge --sync

[ GLSA 201006-18 ] Oracle JRE/JDK: Multiple vulnerabilities

Resolution
==========

All Oracle JRE 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20"

All Oracle JDK 1.6.x users should upgrade to the latest version:

    # emerge --sync

[ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities

Resolution
==========

All users of the binary version of VirtualBox should upgrade to the
latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-bin-3.0.12"

All users of the Open Source version of VirtualBox should upgrade to
the latest version:

[ GLSA 200806-11 ] IBM JDK/JRE: Multiple vulnerabilities

Resolution
==========

All IBM JDK 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/ibm-jdk-bin-1.5.0.7"

All IBM JDK 1.4 users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200712-21 ] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=www-client/mozilla-firefox-2.0.0.11"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200710-08 ] KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow

Resolution
==========

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r1"

All KWord users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability

Synopsis
========

A search path vulnerability in Portage allows local attackers to
execute commands with root privileges if emerge is called from
untrusted directories.

Background
==========


[ GLSA 200909-18 ] nginx: Remote execution of arbitrary code

Resolution
==========

All nginx 0.5.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38

All nginx 0.6.x users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200909-14 ] Horde: Multiple vulnerabilities

Resolution
==========

All Horde users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/horde-3.3.4

All Horde IMP users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200907-11 ] GStreamer plug-ins: User-assisted execution of arbitrary code

Resolution
==========

All gst-plugins-good users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-libs/gst-plugins-good-0.10.14"

All gst-plugins-base users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200911-01 ] Horde: Multiple vulnerabilities

Resolution
==========

All Horde users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =www-apps/horde-3.3.5

All Horde webmail users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities

Resolution
==========

All FFmpeg users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-0.4.9_p20090201"

All gst-plugins-ffmpeg users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200804-20 ] Sun JDK/JRE: Multiple vulnerabilities

Resolution
==========

All Sun JRE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"

All Sun JDK users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200804-27 ] SILC: Multiple vulnerabilities

Resolution
==========

All SILC Toolkit users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.7"

All SILC Client users should upgrade to the latest version:

    # emerge --sync

[ GLSA 200803-14 ] Ghostscript: Buffer overflow

Resolution
==========

All Ghostscript ESP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/ghostscript-esp-8.15.4-r1"

All Ghostscript GPL users should upgrade to the latest version:


[ GLSA 200712-25 ] OpenOffice.org: User-assisted arbitrary code execution

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.3.1"

All OpenOffice.org binary users should upgrade to the latest version:

 # emerge --sync

[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities

Resolution
==========

All Oracle JDK 1.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"

All Oracle JRE 1.6 users should upgrade to the latest version:

  # emerge --sync

[ GLSA 200903-37 ] Ghostscript: User-assisted execution of arbitrary code

Resolution
==========

All GPL Ghostscript users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.64-r2"

All GNU Ghostscript users should upgrade to the latest version:

 # emerge --sync

[ GLSA 200907-08 ] Multiple Ralink wireless drivers: Execution of arbitrary code

All external kernel modules have been masked and we recommend that
users unmerge those drivers. The Linux mainline kernel has equivalent
support for these devices and the vulnerability has been resolved in
stable versions of sys-kernel/gentoo-sources.

    # emerge --unmerge "net-wireless/rt2400"
    # emerge --unmerge "net-wireless/rt2500"
    # emerge --unmerge "net-wireless/rt2570"
    # emerge --unmerge "net-wireless/rt61"
    # emerge --unmerge "net-wireless/ralink-rt61"


[ GLSA 200907-07 ] ModPlug: User-assisted execution of arbitrary code

Resolution
==========

All ModPlug users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libmodplug-0.8.7"

gst-plugins-bad 0.10.11 and later versions do not include the ModPlug
plug-in (it has been moved to media-plugins/gst-plugins-modplug). All
gst-plugins-bad users should upgrade to the latest version and install

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
