Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200711-12 (tomboy)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58751

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200711-12 (tomboy)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory GLSA 200711-12.

Tomboy doesn't properly handle environment variables, potentially allowing
a local attacker to execute arbitrary code.

Solution:
All Tomboy users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-misc/tomboy-0.8.1-r1'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200711-12
http://bugs.gentoo.org/show_bug.cgi?id=189249

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-4790
BugTraq ID: 25341
http://www.securityfocus.com/bid/25341
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html
http://security.gentoo.org/glsa/glsa-200711-12.xml
http://security.gentoo.org/glsa/glsa-200801-14.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:064
http://bugs.gentoo.org/show_bug.cgi?id=188806
http://osvdb.org/39577
http://osvdb.org/39578
http://secunia.com/advisories/26480
http://secunia.com/advisories/27608
http://secunia.com/advisories/27621
http://secunia.com/advisories/27799
http://secunia.com/advisories/28339
http://secunia.com/advisories/28672
SuSE Security Announcement: SUSE-SR:2005:022 (Google Search)
http://www.novell.com/linux/security/advisories/2005_22_sr.html
https://usn.ubuntu.com/560-1/
XForce ISS Database: tomboy-ldlibrarypath-privilege-escalation(36054)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36054

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58751
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200711-12 (tomboy)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory GLSA 200711-12. Tomboy doesn't properly handle environment variables, potentially allowing a local attacker to execute arbitrary code. Solution: All Tomboy users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-misc/tomboy-0.8.1-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200711-12 http://bugs.gentoo.org/show_bug.cgi?id=189249 CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4790 BugTraq ID: 25341 http://www.securityfocus.com/bid/25341 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html http://security.gentoo.org/glsa/glsa-200711-12.xml http://security.gentoo.org/glsa/glsa-200801-14.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:064 http://bugs.gentoo.org/show_bug.cgi?id=188806 http://osvdb.org/39577 http://osvdb.org/39578 http://secunia.com/advisories/26480 http://secunia.com/advisories/27608 http://secunia.com/advisories/27621 http://secunia.com/advisories/27799 http://secunia.com/advisories/28339 http://secunia.com/advisories/28672 SuSE Security Announcement: SUSE-SR:2005:022 (Google Search) http://www.novell.com/linux/security/advisories/2005_22_sr.html https://usn.ubuntu.com/560-1/ XForce ISS Database: tomboy-ldlibrarypath-privilege-escalation(36054) https://exchange.xforce.ibmcloud.com/vulnerabilities/36054
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com