Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-user-es
Navigation:
Lists: gentoo-user-es: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-announce@g.o
From: Seemant Kulleen <seemant@g.o>
Subject: [gentoo-announce] GLSA: libmm
Date: Wed Jul 31 03:53:18 2002
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE         : mm - Shared Memory Abstraction library
SUMMARY         : security vulnerability in mm temp files.
DATE            : Wed Jul 31 08:44:26 UTC 2002
- -----------------------------------------------------------------------

OVERVIEW

There is a temp file vulnerability that can be used to gain root access on
a system running Apache.  Versions affected: dev-libs/mm-1.1.3-r1

DETAIL

PHP can be used to give the www-user shell access for systems running
Apache.  This temp file vulnerability can be exploited to use that to gain
root access.

This affects dev-libs/mm-1.1.3-r1

http://online.securityfocus.com/advisories/4315


SOLUTION

It is recommended that all Gentoo Linux users who are running apache
linked with mm update their systems as follows. Note, the new version will
be mm-1.2.1

emerge rsync
emerge dev-libs/mm

- ------------------------------------------------------------------------
aliz@g.o
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------

-- 
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux					http://www.gentoo.org/~seemant
_______________________________________________
gentoo-announce mailing list
gentoo-announce@g.o
http://lists.gentoo.org/mailman/listinfo/gentoo-announce

Replies:
Re: GLSA: libmm
-- Luis Mayoral
Navigation:
Lists: gentoo-user-es: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
[gentoo-announce] gentoo.org downtime postponed
Next by thread:
Re: GLSA: libmm
Previous by date:
[gentoo-announce] gentoo.org downtime postponed
Next by date:
[gentoo-announce] GLSA: ppp


Updated Jun 17, 2009

Summary: Archive of the gentoo-user-es mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.