From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-announce-return-113-arch-gentoo-announce=gentoo.org@gentoo.org>
Received: (qmail 20302 invoked by uid 1002); 27 May 2003 11:15:16 -0000
Mailing-List: contact gentoo-announce-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-announce@gentoo.org>
List-Help: <mailto:gentoo-announce-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-announce-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-announce-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-announce.gentoo.org>
X-BeenThere: gentoo-announce@gentoo.org
Received: (qmail 12602 invoked from network); 27 May 2003 09:15:38 -0000
From: Daniel Ahlberg <aliz@gentoo.org>
Date: Tue, 27 May 2003 11:15:07 +0200
To: gentoo-announce@gentoo.org
Subject: GLSA:  nessus (200305-10)
Message-Id: <20030527091507.8E7C133742@mail1.tamperd.net>
X-Virus-Scanned: by AMaViS 0.3.12
X-Archives-Salt: b7c7ca88-7a4e-4055-a5a6-0ee5d86c4978
X-Archives-Hash: e802b00ca336d532339fb5c3cbef004e

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-10
- - - ---------------------------------------------------------------------

          PACKAGE : nessus
          SUMMARY : problems in scripting engine
             DATE : 2003-05-27 09:15 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <nessus-2.0.6a
    FIXED VERSION : >=nessus-2.0.6a
              CVE : 

- - - ---------------------------------------------------------------------

- - From advisory:

"There exists some vulnerabilities in NASL scripting engine.
To exploit these flaws, an attacker would need to have a valid Nessus
account as well as the ability to upload arbitrary Nessus plugins in the
Nessus server (this option is disabled by default) or he/she would need to
trick a user somehow into running a specially crafted nasl script."

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=105369506714849&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/nessus upgrade to nessus-2.0.6a as follows

emerge sync
emerge nessus
emerge clean

- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+0yyafT7nyhUpoZMRAhc5AJoDcuH24b4v2yK53aI5Ql8OvF0bjQCeKBgl
G7TUn5qJzfMnwrjMDqn5DH8=
=nrb6
-----END PGP SIGNATURE-----