---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. Learn more: http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: Gentoo ltsp Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30161 VERIFY ADVISORY: http://secunia.com/advisories/30161/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has acknowledged some vulnerabilities within the ltsp package, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS or compromise a vulnerable system. The vulnerabilities are caused due to the inclusion of vulnerable precompiled binaries of e.g. the Linux kernel, X.org X11 server, libpng, Freetype, and OpenSSL. For more information: SA25096 SA25131 SA25461 SA25463 SA27179 SA27097 SA27434 SA27529 SA28273 SOLUTION: The vendor has masked the package "net-misc/ltsp" and recommends to unmerge it. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml OTHER REFERENCES: SA25096: http://secunia.com/advisories/25096/ SA25131: http://secunia.com/advisories/25131/ SA25461: http://secunia.com/advisories/25461/ SA25463: http://secunia.com/advisories/25463/ SA27179: http://secunia.com/advisories/27179/ SA27097: http://secunia.com/advisories/27097/ SA27434: http://secunia.com/advisories/27434/ SA27529. http://secunia.com/advisories/27529/ SA28273: http://secunia.com/advisories/28273/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------