Gentoo Security Advisory GLSA 200511-05 (gnump3d) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200511-05.

Solution

All GNUMP3d users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-sound/gnump3d-2.9.7' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200511-05 http://bugs.gentoo.org/show_bug.cgi?id=109667

Insight

GNUMP3d is vulnerable to directory traversal and cross-site scripting attacks that may result in information disclosure or the compromise of a browser.

Severity

Classification

CVE CVE-2005-3123, CVE-2005-3424, CVE-2005-3425
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200312-08 (cvs)
Gentoo Security Advisory GLSA 200401-03 (mod_python)
Gentoo Security Advisory GLSA 200404-06 ()
Gentoo Security Advisory GLSA 200408-02 (Courier)
Gentoo Security Advisory GLSA 200409-29 (FreeRADIUS)

Take action and discover your vulnerabilities