ID: DSA-2369
Type: debian
Reporter: Debian
Modified: 2011-12-21T00:00:00
Description
It was discovered that libsoup, an HTTP library implementation in C, does not properly validate input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.
For the oldstable distribution (lenny), this problem has been fixed in version 2.4.1-2+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.30.2-1+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 2.34.3-1.
For the unstable distribution (sid), this problem has been fixed in version 2.34.3-1.
We recommend that you upgrade your libsoup2.4 packages.
Title: libsoup2.4 -- insufficient input sanitization
CVE: CVE-2011-2524
CVSS: 5.0 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/)
Published: 2011-12-21T00:00:00
Reference: http://www.debian.org/security/dsa-2369