Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201412-09
HistoryDec 11, 2014 - 12:00 a.m.

Multiple packages, Multiple vulnerabilities fixed in 2011

2014-12-1100:00:00
Gentoo Foundation
security.gentoo.org
19

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.922 High

EPSS

Percentile

98.9%

JSON

Background

For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.

Description

Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.

  • FMOD Studio
  • PEAR Mail
  • LVM2
  • GnuCash
  • xine-lib
  • Last.fm Scrobbler
  • WebKitGTK+
  • shadow tool suite
  • PEAR
  • unixODBC
  • Resource Agents
  • mrouted
  • rsync
  • XML Security Library
  • xrdb
  • Vino
  • OProfile
  • syslog-ng
  • sFlow Toolkit
  • GNOME Display Manager
  • libsoup
  • CA Certificates
  • Gitolite
  • QtCreator
  • Racer

Impact

A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.

Workaround

There are no known workarounds at this time.

Resolution

All FMOD Studio users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00"

All PEAR Mail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0"

All LVM2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72"

All GnuCash users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4"

All xine-lib users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19"

All Last.fm Scrobbler users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=media-sound/lastfmplayer-1.5.4.26862-r3"

All WebKitGTK+ users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7"

All shadow tool suite users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3"

All PEAR users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1"

All unixODBC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1"

All Resource Agents users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=sys-cluster/resource-agents-1.0.4-r1"

All mrouted users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5"

All rsync users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8"

All XML Security Library users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17"

All xrdb users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9"

All Vino users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2"

All OProfile users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1"

All syslog-ng users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4"

All sFlow Toolkit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20"

All GNOME Display Manager users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3"

All libsoup users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3"

All CA Certificates users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=app-misc/ca-certificates-20110502-r1"

All Gitolite users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1"

All QtCreator users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0"

Gentoo has discontinued support for Racer. We recommend that users unmerge Racer:

 # emerge --unmerge "games-sports/racer-bin"

NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.

Related

nessus 51
openvas 76
redhat 2
oraclelinux 1
freebsd 5
securityvulns 6
osv 1
ubuntu 3
debian 3
fedora 13
prion 11
debiancve 4
ubuntucve 12
cve 9
packetstorm 1
centos 1
nessus
nessus
GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-15 00:00:00
RHEL 6 : webkitgtk (RHSA-2011:0177)
2011-01-26 00:00:00
Scientific Linux Security Update : webkitgtk on SL6.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201412-09
2015-09-29 00:00:00
RedHat Update for webkitgtk RHSA-2011:0177-01
2012-06-05 00:00:00
RedHat Update for webkitgtk RHSA-2011:0177-01
2012-06-05 00:00:00
redhat
redhat
(RHSA-2011:0177) Moderate: webkitgtk security update
2011-01-25 00:00:00
(RHSA-2011:0486) Moderate: xmlsec1 security and bug fix update
2011-05-04 00:00:00
oraclelinux
oraclelinux
webkitgtk security update
2011-02-10 00:00:00
freebsd
freebsd
webkit-gtk2 -- Multiple vulnerabilities
2010-12-28 00:00:00
webkit-gtk2 -- Multiple vulnerabilities
2010-09-07 00:00:00
Webkit-gtk2 -- Multiple Vulnabilities
2010-10-01 00:00:00
securityvulns
securityvulns
Apple Webkit / Safari multiple security vulnerabilities
2010-08-14 00:00:00
About the security content of Safari 5.0.1 and Safari 4.1.1
2010-08-08 00:00:00
Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM
2011-10-10 00:00:00
osv
osv
webkit - several
2011-03-10 00:00:00
ubuntu
ubuntu
WebKit vulnerabilities
2011-08-23 00:00:00
OProfile vulnerabilities
2011-07-11 00:00:00
Vino vulnerabilities
2011-05-02 00:00:00
debian
debian
[SECURITY] [DSA 2188-1] webkit security update
2011-03-10 12:16:11
[SECURITY] [DSA 2188-1] webkit security update
2011-03-10 12:16:11
[SECURITY] [DSA 2238-1] vino security update
2011-05-19 18:35:34
fedora
fedora
[SECURITY] Fedora 13 Update: webkitgtk-1.2.7-1.fc13
2011-02-18 01:51:56
[SECURITY] Fedora 13 Update: webkitgtk-1.2.6-1.fc13
2011-01-07 20:01:55
[SECURITY] Fedora 10 Update: php-pear-Mail-1.1.14-5.fc10
2009-12-01 04:41:46
prion
prion
Design/Logic Flaw
2009-11-29 13:07:00
Design/Logic Flaw
2009-11-29 13:07:00
Design/Logic Flaw
2011-03-03 01:00:00
debiancve
debiancve
CVE-2009-4023
2009-11-29 13:07:00
CVE-2009-4111
2009-11-29 13:07:00
CVE-2010-4042
2010-10-21 19:00:00
ubuntucve
ubuntucve
CVE-2009-4023
2009-11-29 00:00:00
CVE-2009-4111
2009-11-29 00:00:00
CVE-2010-1812
2010-09-09 00:00:00
cve
cve
CVE-2009-4023
2009-11-29 13:07:00
CVE-2009-4111
2009-11-29 13:07:00
CVE-2011-2471
2011-06-09 21:55:00
packetstorm
packetstorm
Racer v0.5.3 beta 5 Buffer Overflow
2009-11-26 00:00:00
centos
centos
xmlsec1 security update
2011-05-05 03:26:09

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.922 High

EPSS

Percentile

98.9%

JSON
Related for GLSA-201412-09
nessus51openvas76redhat2oraclelinux1freebsd5securityvulns6osv1ubuntu3debian3fedora13prion11debiancve4ubuntucve12cve9packetstorm1centos1