Debian GNU/Linux

Debian Security Advisory DSA 845-1    security@debian.org

Package : mason

Christoph Martin noticed that upon configuration, mason, which interactively creates a Linux packet filtering firewall, does not install the init script to actually load the firewall during system boot. This will leave the machine without a firewall after a reboot.

For the old stable distribution (woody) this problem has been fixed in version 0.13.0.92-2woody1.

For the stable distribution (sarge) this problem has been fixed in version 1.0.0-2.2.

For the unstable distribution (sid) this problem has been fixed in version 1.0.0-3.

We recommend that you upgrade your mason package.

Upgrade Instructions

wget url
        will fetch the file for you
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1.dsc

Architecture independent components:
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1_all.deb

Debian GNU/Linux 3.1 alias sarge

Source archives:
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2.dsc

Architecture independent components:
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2_all.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200510-05
Severity: Normal

Synopsis
Ruby is vulnerable to a security bypass of the safe level mechanism.

Background
Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby supports the safe execution of untrusted code using a safe level and taint flag mechanism.

Affected packages

Description
Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections.

Impact
An attacker could exploit this vulnerability to execute arbitrary code beyond the restrictions specified in each safe level.

Workaround
There is no known workaround at this time.

Resolution
All Ruby users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.3"
References
[ 1 ] CAN-2005-2337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2337
[ 2 ] Ruby release announcement http://www.ruby-lang.org/en/20051003.html

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200510-05.xml

Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200510-06

Severity: Normal

Synopsis
Improperly sanitised data in Dia allows remote attackers to execute arbitrary code.

Background
Dia is a gtk+ based diagram creation program released under the GPL license.

Affected packages

Description
Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file.

Impact
An attacker could create a specially crafted SVG file, which, when imported into Dia, could lead to the execution of arbitrary code.

Workaround
There is no known workaround at this time.

Resolution
All Dia users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r3"
References
[ 1 ] CAN-2005-2966 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2966

Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200510-06.xml

Ubuntu Linux

Ubuntu Security Notice USN-194-1    October 06, 2005
texinfo vulnerability
CAN-2005-3011

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

texinfo

The problem can be corrected by upgrading the affected package to version 4.6-1ubuntu1.1 (for Ubuntu 4.10), or 4.7-2.2ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Frank Lichtenheld discovered that the "texindex" program created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running texindex.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.6-1ubuntu1.1.diff.gz

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.6-1ubuntu1.1_amd64.deb

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.6-1ubuntu1.1_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.6-1ubuntu1.1_powerpc.deb

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/texinfo_4.7-2.2ubuntu1.1.diff.gz

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubuntu1.1_amd64.deb

i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubuntu1.1_i386.deb

powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/t/texinfo/info_4.7-2.2ubuntu1.1_powerpc.deb