[Full-disclosure] UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution

From: Sune Kloppenborg Jeppesen (jaervosz_at_gentoo.org)
Date: 05/20/05

Next message: Sune Kloppenborg Jeppesen: "[Full-disclosure] ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability"

Previous message: HHikita: "Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: gentoo-announce@gentoo.org
Date: Fri, 20 May 2005 14:26:03 +0200

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200504-23:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Kommander: Insecure remote script execution
      Date: April 22, 2005
   Updated: May 20, 2005
      Bugs: #89092
        ID: 200504-23:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
======

The fixed ebuild proposed in the original version of this Security
Advisory did not address all the vulnerabilities.

The updated sections appear below.

Resolution
==========

All kdewebdev users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdewebdev-3.3.2-r2"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

application/pgp-signature attachment: stored

Next message: Sune Kloppenborg Jeppesen: "[Full-disclosure] ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability"

Previous message: HHikita: "Re: [Full-disclosure] Can ISO15408 evaluated products be trusted?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-Disclosure] [ GLSA 200411-16 ] zip: Path name buffer overflow
... potentially resulting in the execution of arbitrary code with the ... Security is a primary focus of Gentoo Linux and ensuring the ... Creative Commons - Attribution / Share Alike license. ...
(Full-Disclosure)
[ GLSA 200411-16 ] zip: Path name buffer overflow
... potentially resulting in the execution of arbitrary code with the ... Security is a primary focus of Gentoo Linux and ensuring the ... Creative Commons - Attribution / Share Alike license. ...
(Bugtraq)
[ GLSA 200411-16 ] zip: Path name buffer overflow
... potentially resulting in the execution of arbitrary code with the ... Security is a primary focus of Gentoo Linux and ensuring the ... Creative Commons - Attribution / Share Alike license. ...
(Full-Disclosure)
[Full-disclosure] UPDATE: [ GLSA 200506-17 ] SpamAssassin 3, Vipuls Razor: Denial of Service vulnera
... All Vipul's Razor users should upgrade to the latest version: ... Security is a primary focus of Gentoo Linux and ensuring the ... Creative Commons - Attribution / Share Alike license. ...
(Full-Disclosure)
[NEWS] Predictability and Vulnerability in the Canadian Firearms Centres On-Line Services Web Site
... Get your security news from a reliable source. ... extract valid/invalid License Numbers, but also brute-force accounts. ... secured using a Personal Identification Number (PIN). ... request for personal information, or a request for a PIN number. ...
(Securiteam)