Linux Today: Linux News On Internet Time.






Advisories, November 14, 2006

Nov 15, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 1209-2 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 12th, 2006 http://www.debian.org/security/faq


Package : trac
Vulnerability : cross-site request forgery
Problem-Type : remote
Debian-specific: no

The Trac update in DSA 1209 introduced a regression. This update corrects this flaw. For completeness, the original advisory text below:

It was discovered that Trac, a wiki and issue tracking system for software development projects, performs insufficient validation against cross-site request forgery, which might lead to an attacker being able to perform manipulation of a Trac site with the privileges of the attacked Trac user.

For the stable distribution (sarge) this problem has been fixed in version 0.8.1-3sarge6.

For the unstable distribution (sid) this problem has been fixed in version 0.10.1-1.

We recommend that you upgrade your trac package.

Upgrade Instructions


wget url
        will fetch the file for you

dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database

apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7.dsc
      Size/MD5 checksum: 656 3e2a71eb01a324d3a26f9e6c001fbba5
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7.diff.gz
      Size/MD5 checksum: 14842 9cdb9eed54faecbe2c4df8f5106dafdb
    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
      Size/MD5 checksum: 236791 1b6c44fae90c760074762b73cdc88c8d

Architecture independent components:

    http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7_all.deb
      Size/MD5 checksum: 200092 5c0659ad7e99970da829c0258209b747

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1210-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 14th, 2006 http://www.debian.org/security/faq


Package : mozilla-firefox
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4571
BugTraq ID : 20042

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-2788

Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code.

CVE-2006-4340

Daniel Bleichenbacher recently described an implementation error in RSA signature verification that causes the application to incorrectly trust SSL certificates.

CVE-2006-4565, CVE-2006-4566

Priit Laes reported that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2006-4568

A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site.

CVE-2006-4571

Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge12.

For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.7-1 of firefox.

We recommend that you upgrade your Mozilla Firefox package.

Upgrade Instructions


wget url
        will fetch the file for you

dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
        will update the internal database

apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated gzip package fixes security issues
Advisory ID: FLSA:211760
Issue date: 2006-11-13
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2006-4334, CVE-2006-4338, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337



1. Topic:

An updated gzip package is now available.

The gzip package contains the GNU gzip data compression program.

2. Relevant releases/architectures:

Fedora Core 3 - i386, x86_64
Fedora Core 4 - i386, x86_64

3. Problem description:

Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to this updated package, which contains a backported patch and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211760

6. RPMs required:

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm

Fedora Core 4:

SRPM:
http://download.fedoralegacy.org/fedora/4/updates/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/4/updates/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/4/updates/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm

7. Verification:

SHA1 sum Package Name


fc3:
803cef0b8d4e06f79ae9ce64aee63cdd761e87b6 fedora/3/updates/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm
602ad6828a3388063db0c45f13c256d92b12cc51 fedora/3/updates/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm
7f4737f9e627480ee211022b9dffc1da5696adda fedora/3/updates/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm

fc4:
1cf4530543c8f7da0d331f11388bb7517fa013e4 fedora/4/updates/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm
17fb012aacf13fcf623c5f6447d4ba127ed4a780 fedora/4/updates/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm
b49360a81b5d4df62dbbb3b2b094515678f41a35 fedora/4/updates/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200611-06

http://security.gentoo.org/


Severity: Normal
Title: OpenSSH: Multiple Denial of Service vulnerabilities
Date: November 13, 2006
Bugs: #149502
ID: 200611-06


Synopsis

Several Denial of Service vulnerabilities have been identified in OpenSSH.

Background

OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.

Affected packages


     Package           /   Vulnerable   /                   Unaffected

  1  net-misc/openssh      < 4.4_p1-r5                    >= 4.4_p1-r5

Description

Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort.

Impact

The pre-authentication and signal handler vulnerabilities can cause a Denial of Service in OpenSSH. The vulnerability in the GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.4_p1-r5"

References

[ 1 ] CVE-2006-5051

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051

[ 2 ] CVE-2006-5052

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052

[ 3 ] OpenSSH Security Advisory

http://www.openssh.com/txt/release-4.4

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200611-07

http://security.gentoo.org/


Severity: Normal
Title: GraphicsMagick: PALM and DCM buffer overflows
Date: November 13, 2006
Bugs: #152668
ID: 200611-07


Synopsis

GraphicsMagick improperly handles PALM and DCM images, potentially resulting in the execution of arbitrary code.

Background

GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats.

Affected packages


     Package                   /  Vulnerable  /             Unaffected

  1  media-gfx/graphicsmagick     < 1.1.7-r3               >= 1.1.7-r3

Description

M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images.

Impact

An attacker could entice a user to open a specially crafted DCM or PALM image with GraphicsMagick, and possibly execute arbitrary code with the privileges of the user running GraphicsMagick.

Workaround

There is no known workaround at this time.

Resolution

All GraphicsMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7-r3"

References

[ 1 ] CVE-2006-5456

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-07.xml



Gentoo Linux Security Advisory GLSA 200611-08

http://security.gentoo.org/


Severity: Normal
Title: RPM: Buffer overflow
Date: November 13, 2006
Bugs: #154218
ID: 200611-08


Synopsis

RPM is vulnerable to a buffer overflow and possibly the execution of arbitrary code when opening specially crafted packages.

Background

The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.

Affected packages


     Package       /  Vulnerable  /                         Unaffected

  1  app-arch/rpm     < 4.4.6-r3                           >= 4.4.6-r3

Description

Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly allocates memory for the packages, possibly causing a heap-based buffer overflow.

Impact

An attacker could entice a user to open a specially crafted RPM package and execute code with the privileges of that user if certain locales are set.

Workaround

There is no known workaround at this time.

Resolution

All RPM users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/rpm-4.4.6-r3"

References

[ 1 ] CVE-2006-5466

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-08.xml
