Gentoo Security Advisory GLSA 200802-02 (doomsday) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200802-02.

Solution

While some of these issues could be resolved in 'games-fps/doomsday-1.9.0-beta5.2', the format string vulnerability (CVE-2007-4644) remains unfixed. We recommend that users unmerge Doomsday: # emerge --unmerge games-fps/doomsday http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200802-02 http://bugs.gentoo.org/show_bug.cgi?id=190835

Insight

Multiple vulnerabilities in Doomsday might allow remote execution of arbitrary code or a Denial of Service.

Severity

Classification

CVE CVE-2007-4642, CVE-2007-4643, CVE-2007-4644

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-14 (aspell)
Gentoo Security Advisory GLSA 200403-09 (mc)
Gentoo Security Advisory GLSA 200405-07 (Exim)
Gentoo Security Advisory GLSA 200409-01 (vpopmail)
Gentoo Security Advisory GLSA 200406-01 (Ethereal)

Take action and discover your vulnerabilities