[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201006-07.xml - gentoo-commits

From:	"Tobias Heinlein (keytoaster)" <keytoaster@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201006-07.xml
Date:	Tue, 01 Jun 2010 15:36:42
Message-Id:	`20100601153639.BE24E2CE14@corvid.gentoo.org`

1

keytoaster    10/06/01 15:36:39

2

3

  Added:                glsa-201006-07.xml

4

  Log:

5

  GLSA 201006-07

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-201006-07.xml

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-07.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-07.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-201006-07.xml

14

===================================================================

15

<?xml version="1.0" encoding="utf-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

20

<glsa id="201006-07">

21

  <title>SILC: Multiple vulnerabilities</title>

22

  <synopsis>

23

    Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client,

24

    the worst of which allowing for execution of arbitrary code.

25

  </synopsis>

26

  <product type="ebuild">silc-toolkit silc-client</product>

27

  <announced>June 01, 2010</announced>

28

  <revised>June 01, 2010: 01</revised>

29

  <bug>284561</bug>

30

  <access>remote</access>

31

  <affected>

32

    <package name="net-im/silc-toolkit" auto="yes" arch="*">

33

      <unaffected range="ge">1.1.10</unaffected>

34

      <vulnerable range="lt">1.1.10</vulnerable>

35

    </package>

36

    <package name="net-im/silc-client" auto="yes" arch="*">

37

      <unaffected range="ge">1.1.8</unaffected>

38

      <vulnerable range="lt">1.1.8</vulnerable>

39

    </package>

40

  </affected>

41

  <background>

42

<p>

43

    SILC (Secure Internet Live Conferencing protocol) Toolkit is a software

44

    development kit for use in clients, and SILC Client is an IRSSI-based

45

    text client.

46

    </p>

47

  </background>

48

  <description>

49

<p>

50

    Multiple vulnerabilities were discovered in SILC Toolkit and SILC

51

    Client. For further information please consult the CVE entries

52

    referenced below.

53

    </p>

54

  </description>

55

  <impact type="normal">

56

<p>

57

    A remote attacker could overwrite stack locations and possibly execute

58

    arbitrary code via a crafted OID value, Content-Length header or format

59

    string specifiers in a nickname field or channel name.

60

    </p>

61

  </impact>

62

  <workaround>

63

<p>

64

    There is no known workaround at this time.

65

    </p>

66

  </workaround>

67

  <resolution>

68

<p>

69

    All SILC Toolkit users should upgrade to the latest version:

70

    </p>

71

    <code>

72

    # emerge --sync

73

    # emerge --ask --oneshot --verbose &quot;&gt;=net-im/silc-toolkit-1.1.10&quot;</code>

74

<p>

75

    All SILC Client users should upgrade to the latest version:

76

    </p>

77

    <code>

78

    # emerge --sync

79

    # emerge --ask --oneshot --verbose &quot;&gt;=net-im/silc-client-1.1.8&quot;</code>

80

  </resolution>

81

  <references>

82

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7159">CVE-2008-7159</uri>

83

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7160">CVE-2008-7160</uri>

84

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3051">CVE-2009-3051</uri>

85

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3163">CVE-2009-3163</uri>

86

  </references>

87

  <metadata tag="requester" timestamp="Sat, 22 May 2010 11:17:59 +0000">

88

    craig

89

  </metadata>

90

  <metadata tag="submitter" timestamp="Thu, 27 May 2010 13:36:35 +0000">

91

    keytoaster

92

  </metadata>

93

  <metadata tag="bugReady" timestamp="Thu, 27 May 2010 17:55:42 +0000">

94

    vorlon

95

  </metadata>

96

</glsa>

1	keytoaster 10/06/01 15:36:39
2
3	Added: glsa-201006-07.xml
4	Log:
5	GLSA 201006-07
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-201006-07.xml
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-07.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201006-07.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-201006-07.xml
14	===================================================================
15	<?xml version="1.0" encoding="utf-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20	<glsa id="201006-07">
21	<title>SILC: Multiple vulnerabilities</title>
22	<synopsis>
23	Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client,
24	the worst of which allowing for execution of arbitrary code.
25	</synopsis>
26	<product type="ebuild">silc-toolkit silc-client</product>
27	<announced>June 01, 2010</announced>
28	<revised>June 01, 2010: 01</revised>
29	<bug>284561</bug>
30	<access>remote</access>
31	<affected>
32	<package name="net-im/silc-toolkit" auto="yes" arch="*">
33	<unaffected range="ge">1.1.10</unaffected>
34	<vulnerable range="lt">1.1.10</vulnerable>
35	</package>
36	<package name="net-im/silc-client" auto="yes" arch="*">
37	<unaffected range="ge">1.1.8</unaffected>
38	<vulnerable range="lt">1.1.8</vulnerable>
39	</package>
40	</affected>
41	<background>
42	<p>
43	SILC (Secure Internet Live Conferencing protocol) Toolkit is a software
44	development kit for use in clients, and SILC Client is an IRSSI-based
45	text client.
46	</p>
47	</background>
48	<description>
49	<p>
50	Multiple vulnerabilities were discovered in SILC Toolkit and SILC
51	Client. For further information please consult the CVE entries
52	referenced below.
53	</p>
54	</description>
55	<impact type="normal">
56	<p>
57	A remote attacker could overwrite stack locations and possibly execute
58	arbitrary code via a crafted OID value, Content-Length header or format
59	string specifiers in a nickname field or channel name.
60	</p>
61	</impact>
62	<workaround>
63	<p>
64	There is no known workaround at this time.
65	</p>
66	</workaround>
67	<resolution>
68	<p>
69	All SILC Toolkit users should upgrade to the latest version:
70	</p>
71	<code>
72	# emerge --sync
73	# emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.10"</code>
74	<p>
75	All SILC Client users should upgrade to the latest version:
76	</p>
77	<code>
78	# emerge --sync
79	# emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.8"</code>
80	</resolution>
81	<references>
82	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7159">CVE-2008-7159</uri>
83	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7160">CVE-2008-7160</uri>
84	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3051">CVE-2009-3051</uri>
85	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3163">CVE-2009-3163</uri>
86	</references>
87	<metadata tag="requester" timestamp="Sat, 22 May 2010 11:17:59 +0000">
88	craig
89	</metadata>
90	<metadata tag="submitter" timestamp="Thu, 27 May 2010 13:36:35 +0000">
91	keytoaster
92	</metadata>
93	<metadata tag="bugReady" timestamp="Thu, 27 May 2010 17:55:42 +0000">
94	vorlon
95	</metadata>
96	</glsa>

Gentoo Archives: gentoo-commits