Current Newswire:
Advisories, March 5, 2007
Mar 06, 2007, 04:45

Debian GNU/Linux

Debian Security Advisory DSA 1262-1
security@debian.org

Package : gnomemeeting

"Mu Security" discovered that a format string vulnerability in the VoIP solution GnomeMeeting allows the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 1.2.1-1sarge1.

For the upcoming stable distribution (etch) this problem has been fixed in version 2.0.3-2.1 of the ekiga package.

For the unstable distribution (sid) this problem has been fixed in version 2.0.3-2.1 of the ekiga package.

We recommend that you upgrade your gnomemeeting package.

Upgrade Instructions

wget url will fetch the file for you will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1.dsc

Alpha architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_alpha.deb

AMD64 architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_amd64.deb

ARM architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_arm.deb

HP Precision architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_hppa.deb

Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_i386.deb

Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_ia64.deb

Motorola 680x0 architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_m68k.deb

Big endian MIPS architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_mips.deb

Little endian MIPS architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_mipsel.deb

PowerPC architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_powerpc.deb

IBM S/390 architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_s390.deb

Sun Sparc architecture:
    http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_sparc.deb

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core

Fedora Update Notification
FEDORA-2007-308
2007-03-05

Product : Fedora Core 6
Description :

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

a5d3474e8609e28fea0f234cd377b05b91f56572  SRPMS/thunderbird-1.5.0.10-1.fc6.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora Update Notification
FEDORA-2007-309
2007-03-05

Product : Fedora Core 5
Description :

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

d809e08db21f2b779a90bd6992d5ef3825b26412  SRPMS/thunderbird-1.5.0.10-1.fc5.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200703-06

Severity: Normal

Synopsis

The AMD64 x86 emulation Qt library makes use of an insecure version of the Qt library, potentially allowing for the remote execution of arbitrary code.

Background

The AMD64 x86 emulation Qt library for AMD64 emulates the x86 (32-bit) Qt library on the AMD64 (64-bit) architecture.

Affected packages

   Package                    /  Vulnerable  /  Unaffected
1  emul-linux-x86-qtlibs         < 10.0         >= 10.0

Description

An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well.

Impact

By enticing a user to open a specially crafted pixmap image in an application using the AMD64 x86 emulation Qt library, a remote attacker could cause an application crash or the remote execution of arbitrary code with the rights of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All AMD64 x86 emulation Qt library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-qtlibs-10.0"

References

[ 1 ] GLSA 200611-02
      http://www.gentoo.org/security/en/glsa/glsa-200611-02.xml
[ 2 ] CVE-2006-4811
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200703-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.