Recently fixed major vulnerabilities
1. About this page
This page lists recently fixed major vulnerabilities: issues that are worth additional notice, for example in #gentoo.
Important: This listing is not authoritative. Contents may be out of date. Please refer to the Gentoo Security website for a complete listing of Gentoo Linux Security Advisories.
2. Vulnerability listing
GLSA 200907-13: media-sound/pulseaudio - Local root compromise
| Affected package | <media-sound/pulseaudio-0.9.9-r54 |
| Description | Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster. |
| Impact | A local user with write access to the file system containing /usr/bin can exploit this vulnerability to gain root privileges by using a race condition. |
| Published | 2009-07-16 in GLSA 200907-13. |
GLSA 200907-12: net-misc/dhcp - Remote execution of arbitrary code with root privileges
| Affected package | <net-misc/dhcp-3.1.1-r1 |
| Description | The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. |
| Impact | A remote attacker might set up a rogue DHCP server in a victim's local network, possibly leading to the execution of arbitrary code with root privileges. |
| Published | 2009-07-14 in GLSA 200907-12. |
The contents of this document, unless otherwise expressly stated, are licensed under the CC-BY-SA-2.5 license. The Gentoo Name and Logo Usage Guidelines apply.