Gentoo Security Advisory GLSA 200404-01 (Portage) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200404-01.

Solution

Users should upgrade to Portage 2.0.50-r3 or later: # emerge sync # emerge -pv '>=sys-apps/portage-2.0.50-r3' # emerge '>=sys-apps/portage-2.0.50-r3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-01 http://bugs.gentoo.org/show_bug.cgi?id=21923

Insight

A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation of portage could be manipulated by local users resulting in the truncation of hard linked files causing a Denial of Service attack on the system.

Severity

Classification

CVE CVE-2004-1901

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200408-09 (Roundup)
Gentoo Security Advisory GLSA 200312-08 (cvs)
Gentoo Security Advisory GLSA 200311-04 (FreeRADIUS)
Gentoo Security Advisory GLSA 200404-13 (cvs)
Gentoo Security Advisory GLSA 200312-06 (xchat)

Take action and discover your vulnerabilities