Gentoo Archives: gentoo-commits

From: "Robert Buchholz (rbu)" <rbu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200801-06.xml
Date: Wed, 09 Jan 2008 23:21:16
Message-Id: E1JCkET-0003Au-BD@stork.gentoo.org
rbu 08/01/09 23:21:13

Added: glsa-200801-06.xml
Log:
GLSA 200801-06

Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-200801-06.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-06.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-06.xml?rev=1.1&content-type=text/plain

Index: glsa-200801-06.xml
===================================================================
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

<glsa id="200801-06">
<title>Xfce: Multiple vulnerabilities</title>
<synopsis>
Multiple vulnerabilities in Xfce might allow user-assisted attackers to
execute arbitrary code.
</synopsis>
<product type="ebuild">xfce4-panel libxfcegui4</product>
<announced>January 09, 2008</announced>
<revised>January 09, 2008: 01</revised>
<bug>201292</bug>
<bug>201293</bug>
<access>remote</access>
<affected>
<package name="xfce-base/xfce4-panel" auto="yes" arch="*">
<unaffected range="ge">4.4.2</unaffected>
<vulnerable range="lt">4.4.2</vulnerable>
</package>
<package name="xfce-base/libxfcegui4" auto="yes" arch="*">
<unaffected range="ge">4.4.2</unaffected>
<vulnerable range="lt">4.4.2</vulnerable>
</package>
</affected>
<background>
<p>
Xfce is a GTK+ 2 based desktop environment that allows running a modern
desktop on modest hardware.
</p>
</background>
<description>
<p>
Gregory Andersen reported that Xfce4 panel does not correctly calculate
memory boundaries, leading to a stack-based buffer overflow in the
launcher_update_panel_entry() function (CVE-2007-6531). Daichi Kawahata
reported libxfcegui4 did not copy provided values when creating
"SessionClient" structs, possibly leading to access of freed memory
areas (CVE-2007-6532).
</p>
</description>
<impact type="normal">
<p>
A remote attacker could entice a user to install a specially crafted
"rc" file to execute arbitrary code with the privileges of that user via
long strings in the "Name" and "Comment" fields, or via unspecified
vectors involving the second vulnerability.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Xfce4 panel users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=xfce-base/xfce4-panel-4.4.2&quot;</code>
<p>
All libxfcegui4 users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=xfce-base/libxfcegui4-4.4.2&quot;</code>
<p>
Please refer to the Upgrading section of the Xfce Configuration Guide
in case you are upgrading from Xfce 4.2.
</p>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6531">CVE-2007-6531</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6532">CVE-2007-6532</uri>
<uri link="http://www.gentoo.org/doc/en/xfce-config.xml">Xfce Configuration Guide</uri>
</references>
<metadata tag="requester" timestamp="Sat, 08 Dec 2007 23:45:36 +0000">
p-y
</metadata>
<metadata tag="bugReady" timestamp="Sat, 22 Dec 2007 13:22:06 +0000">
rbu
</metadata>
<metadata tag="submitter" timestamp="Sat, 22 Dec 2007 16:37:18 +0000">
rbu
</metadata>
</glsa>

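The &lt;affected&gt; block of the advisory above is what decides whether an installed package needs the upgrade: a version is affected when it falls in a &lt;vulnerable&gt; range and in no &lt;unaffected&gt; range. The following script is an added example, not part of the advisory and not Gentoo's own glsa-check code; it parses that block (copied from this GLSA), implements the Package Manager Specification version ordering for the common cases (numeric components, a single trailing letter, _alpha/_beta/_pre/_rc/_p suffixes, a -rN revision) and reports whether a given installed version is vulnerable. The revision-bounded ranges the GLSA DTD also allows (rge, rlt, ...) are not implemented and raise NotImplementedError.

```python
"""Check an installed Gentoo package version against a GLSA <affected> block.

Added example for GLSA 200801-06; not part of the advisory or of glsa-check.
The XML fragment below is copied from the advisory. Version ordering follows
the PMS rules for the common cases; rge/rlt-style ranges are not supported.
"""
import re
import xml.etree.ElementTree as ET

GLSA_200801_06_AFFECTED = """<affected>
<package name="xfce-base/xfce4-panel" auto="yes" arch="*">
<unaffected range="ge">4.4.2</unaffected>
<vulnerable range="lt">4.4.2</vulnerable>
</package>
<package name="xfce-base/libxfcegui4" auto="yes" arch="*">
<unaffected range="ge">4.4.2</unaffected>
<vulnerable range="lt">4.4.2</vulnerable>
</package>
</affected>"""

# Suffix ordering per PMS: _alpha < _beta < _pre < _rc < (no suffix) < _p
_SUFFIX_ORDER = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, None: 4, "p": 5}
_VERSION_RE = re.compile(
    r"^(?P<num>\d+(?:\.\d+)*)(?P<letter>[a-z])?"
    r"(?P<suffixes>(?:_(?:alpha|beta|pre|rc|p)\d*)*)"
    r"(?:-r(?P<rev>\d+))?$"
)


def parse_version(v):
    """Split a Gentoo version into (numeric components, letter, suffixes, revision)."""
    m = _VERSION_RE.match(v)
    if not m:
        raise ValueError("not a valid Gentoo version: %r" % v)
    nums = m.group("num").split(".")
    letter = m.group("letter") or ""
    suffixes = [(_SUFFIX_ORDER[name], int(n or 0))
                for name, n in re.findall(r"_([a-z]+)(\d*)", m.group("suffixes"))]
    return nums, letter, suffixes, int(m.group("rev") or 0)


def _cmp(a, b):
    return (a > b) - (a < b)


def _cmp_numeric(a, b):
    # First component is an integer; later components compare as strings
    # (trailing zeros dropped) when either has a leading zero, else as ints.
    c = _cmp(int(a[0]), int(b[0]))
    if c:
        return c
    for x, y in zip(a[1:], b[1:]):
        if x.startswith("0") or y.startswith("0"):
            c = _cmp(x.rstrip("0"), y.rstrip("0"))
        else:
            c = _cmp(int(x), int(y))
        if c:
            return c
    return _cmp(len(a), len(b))  # 1.0 > 1


def _cmp_suffixes(a, b):
    for x, y in zip(a, b):
        c = _cmp(x, y)  # (order, number) tuples compare in the right sense
        if c:
            return c
    if len(a) == len(b):
        return 0
    longer, sign = (a, 1) if len(a) > len(b) else (b, -1)
    # An extra trailing _p makes a version greater; any other extra suffix makes it smaller.
    return sign if longer[min(len(a), len(b))][0] == _SUFFIX_ORDER["p"] else -sign


def vercmp(v1, v2):
    """Return -1, 0 or 1 as v1 is less than, equal to or greater than v2."""
    n1, l1, s1, r1 = parse_version(v1)
    n2, l2, s2, r2 = parse_version(v2)
    return _cmp_numeric(n1, n2) or _cmp(l1, l2) or _cmp_suffixes(s1, s2) or _cmp(r1, r2)


_RANGE_TESTS = {
    "lt": lambda c: c < 0, "le": lambda c: c <= 0, "eq": lambda c: c == 0,
    "ge": lambda c: c >= 0, "gt": lambda c: c > 0,
}


def _matches(elem, installed):
    rng = elem.get("range")
    if rng not in _RANGE_TESTS:
        raise NotImplementedError("GLSA range %r not supported here" % rng)
    return _RANGE_TESTS[rng](vercmp(installed, elem.text.strip()))


def is_vulnerable(affected_xml, package, installed):
    """True if `package` at version `installed` is in a vulnerable range and in no
    unaffected range; False if covered but safe; None if the GLSA does not list it."""
    root = ET.fromstring(affected_xml)
    for pkg in root.iter("package"):
        if pkg.get("name") != package:
            continue
        if any(_matches(u, installed) for u in pkg.findall("unaffected")):
            return False
        return any(_matches(v, installed) for v in pkg.findall("vulnerable"))
    return None


if __name__ == "__main__":
    for ver in ("4.4.1", "4.4.2_rc1", "4.4.2", "4.4.2-r1"):
        print("xfce-base/xfce4-panel", ver,
              is_vulnerable(GLSA_200801_06_AFFECTED, "xfce-base/xfce4-panel", ver))
```

On a Gentoo host the installed version would come from the package database rather than a literal, and `glsa-check -t all` runs this test for every GLSA in the tree; the script is only meant to make the range semantics visible, including the case that 4.4.2_rc1 is still vulnerable because it sorts below 4.4.2.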
107 --
108 gentoo-commits@l.g.o mailing list