A new security update has been released for Gentoo Linux - Pan: User-assisted execution of arbitrary code. Here the announcement:
"Gentoo Linux Security Advisory GLSA 200807-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/=
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Pan: User-assisted execution of arbitrary code
Date: July 31, 2008
Bugs: #224051
ID: 200807-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A buffer overflow vulnerability in Pan may allow remote attacker to
execute arbitrary code.
Background
==========
Pan is a newsreader for the GNOME desktop.
Affected packages
=================
-------------------------------------------------------------------=
Package / Vulnerable / Unaffected
-------------------------------------------------------------------=
1 net-nntp/pan < 0.132-r3 >= 0.132-r=
3
*>= 0.14.2.91-r=
2
== 0.1=
4.2
Description
===========
Pavel Polischouk reported a boundary error in the PartsBatch class when
processing .nzb files.
Impact
======
A remote attacker could entice a user to open a specially crafted .nzb
file, possibly resulting in the remote execution of arbitrary code with
the privileges of the user running the application.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Pan users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nntp/pan-0.132-r3"
References
==========
[ 1 ] CVE-2008-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2363
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200807-15.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
"
GLSA 200806-05 cbrPager: User-assisted execution of arbitrary code
A week of user-created echochrome levels starts tomorrow
GLSA 200805-22 MPlayer: User-assisted execution of arbitrary code
This entry was posted
on 11:57 PM
.
Archives
-
▼
2008
(457)
-
▼
August
(65)
- CESA-2008:0836 Moderate CentOS 5 x86_64 libxml2 Up...
- CESA-2008:0849 Important CentOS 5 x86_64 ipsec-too...
- RHSA-2008:0847-01 Important: libtiff security and ...
- RHSA-2008:0848-01 Important: libtiff security and ...
- RHSA-2008:0863-01 Important: libtiff security update
- CESA-2008:0836 Moderate CentOS 5 i386 libxml2 Update
- CESA-2008:0836 Moderate CentOS 3 x86_64 libxml2 - ...
- CESA-2008:0836 Moderate CentOS 3 i386 libxml2 - se...
- Intel acquires Linux distro developer
- RHSA-2008:0648-01 Important: tomcat security update
- RHSA-2008:0849-01 Important: ipsec-tools security ...
- CESA-2008:0839 Moderate CentOS 4 ia64 postfix - se...
- DSA 1631-1: New libxml2 packages fix denial of ser...
- MIDs offer Atom, HSDPA
- CESA-2008:0836 Moderate CentOS 4 s390(x) libxml2 -...
- CESA-2008:0836 Moderate CentOS 4 ia64 libxml2 - se...
- Kubuntu 8.10 Alpha 4 Review
- CESA-2008:0855 Critical CentOS 4 s390(x) openssh -...
- Contentteller Release Candidate 2 available
- Creating Advanced MySQL-Based Virtual Hosts On Lig...
- openSUSE 11.1 Alpha 2
- DSA 1629-2: New postfix packages fix installabilit...
- USN-636-1: Postfix vulnerability
- RHSA-2008:0815-01 Moderate: yum-rhn-plugin securit...
- Intel aims x86 at digital TVs
- Intel unveils dual-core Atom
- GLSA 200808-12 Postfix: Local privilege escalatio...
- AMD Radeon HD 4870 X2 On Linux
- DSA 1629-1: New postfix packages fix privilege esc...
- RHSA-2008:0818-02 Moderate: hplip security update
- RHSA-2008:0814-01 Moderate: condor security and bu...
- Ubuntu Linux 8.10 Alpha-4 released
- No title
- No title
- How To Set Up WebDAV With Lighttpd On Debian Etch
- RHSA-2008:0816-01 Moderate: condor security and bu...
- Contentteller Release Candidate 1 available
- GLSA 200808-09 OpenLDAP: Denial of Service vulner...
- DSA 1627-1: New PowerDNS packages reduce DNS spoof...
- GLSA 200808-11 UUDeview: Insecure temporary file ...
- GLSA 200808-10 Adobe Reader: User-assisted execut...
- GLSA 200808-07 ClamAV: Multiple Denials of Service
- ispCP Omega 1.0.0 RC6 released
- GLSA 200808-08 stunnel: Security bypass
- GLSA 200808-03 Mozilla products: Multiple vulnera...
- RHSA-2008:0612-01 Important: kernel security and b...
- Lightweight GNOME alternative emerges
- GLSA 200808-06 libxslt: Execution of arbitrary code
- GLSA 200808-04 Wireshark: Denial of Service
- At last -- native apps for Motorola Linux phones
- USN-626-2: Devhelp, Epiphany, Midbrowser and Yelp ...
- GLSA 200808-01 xine-lib: User-assisted execution ...
- How To Install The Zimbra Desktop Email Client On ...
- Fedora 10 Alpha
- GLSA 200807-15 Pan: User-assisted execution of ar...
- USN-633-1: libxslt vulnerabilities
- Installing And Using OpenVZ On CentOS 5.2
- DSA 1625-1: New cupsys packages fix arbitrary code...
- USN-634-1: OpenLDAP vulnerability
- RHSA-2008:0790-02 Critical: java-1.5.0-ibm securit...
- Netbooks growing -- in two ways
- DSA 1624-1: New libxslt packages fix arbitrary cod...
- DSA 1626-1: New httrack packages fix arbitrary cod...
- USN-626-1: Firefox and xulrunner vulnerabilities
- DSA 1623-1: New dnsmasq packages fix cache poisoning
-
▼
August
(65)