Gentoo Security Advisory GLSA 200404-01 (Portage) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200404-01.

Solution

Users should upgrade to Portage 2.0.50-r3 or later: # emerge sync # emerge -pv '>=sys-apps/portage-2.0.50-r3' # emerge '>=sys-apps/portage-2.0.50-r3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-01 http://bugs.gentoo.org/show_bug.cgi?id=21923

Insight

A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation of portage could be manipulated by local users resulting in the truncation of hard linked files causing a Denial of Service attack on the system.

Severity

Classification

CVE CVE-2004-1901
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200501-45 (gallery)
Gentoo Security Advisory GLSA 200404-10 ()
Gentoo Security Advisory GLSA 200409-07 (xv)
Gentoo Security Advisory GLSA 200409-21 (apache)
Gentoo Security Advisory GLSA 200406-19 (giFT-FastTrack)

Take action and discover your vulnerabilities