Gentoo Security Advisory GLSA 200511-05 (gnump3d) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200511-05.

Solution

All GNUMP3d users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-sound/gnump3d-2.9.7' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200511-05 http://bugs.gentoo.org/show_bug.cgi?id=109667

Insight

GNUMP3d is vulnerable to directory traversal and cross-site scripting attacks that may result in information disclosure or the compromise of a browser.

Severity

Classification

CVE CVE-2005-3123, CVE-2005-3424, CVE-2005-3425

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200407-07 (Shorewall)
Gentoo Security Advisory GLSA 200404-17 (ipsec-utils)
Gentoo Security Advisory GLSA 200406-11 (horde-imp)
Gentoo Security Advisory GLSA 200411-09 (shadow)
Gentoo Security Advisory GLSA 200502-11 (mailman)

Take action and discover your vulnerabilities