Bugzilla Bug 144941

Multiple Vulnerabilities in Asterisk 1.2.10 [MU-200608-01] 
 August 23, 2006 

http://labs.musecurity.com/advisories.html 

Affected Product/Versions: 

Asterisk 1.0.0 through 1.2.10 

Product Overview: 

http://www.asterisk.org/features 

"Asterisk-based telephony solutions offer a rich and flexible feature set. 
 Asterisk offers both classical PBX functionality and advanced features, and 
 interoperates with traditional standards-based telephony systems and Voice 
 over IP systems. Asterisk offers the features one would expect of a large 
 proprietary PBX system such as Voicemail, Conference Bridging, Call Queuing, 
 and Call Detail Records." 

Vulnerability Details: 

A remote stack buffer overflow condition in Asterisk's MGCP implementation 
 could allow for arbitrary code execution. The vulnerable code is triggered 
 with the use of a malformed AUEP (audit endpoint) response message. 

A second issue exists in the handling of file names sent to the Record() 
 application which could lead to arbitrary code execution via a format string 
 attack or arbitrary file-overwrite via directory traversal techniques. The 
 impact of this vulnerability is minimal, however, as it requires an 
 administrator to use a client-controlled variable as part of the filename. 

Solution: 

Mu Security would like to thank the Asterisk security team for their 
 timely response to these issues. 

A patch for the buffer overflow is available from the following link: 
 http://ftp.digium.com/pub/asterisk/asterisk-1.2.11-patch.gz 

To protect against the Record() vulnerability, do not use user-controlled 
 variables ( eg, ${CALLERIDNAME} ) as part of the the filename argument. 

History: 
 08/10/06 - First contact with vendor 
 08/16/06 - Vendor acknowledges vulnerability 
 08/23/06 - Advisory released 

Credit: 

These vulnerabilities were discovered by the Mu Security research team. 

http://labs.musecurity.com/pgpkkey.txt 

Mu Security offers a new class of security analysis system, delivering a 
 rigorous and streamlined methodology for verifying the robustness and security 
 readiness of any IP-based product or application. Founded by the pioneers of 
 intrusion detection and prevention technology, Mu Security is backed by 
 preeminent venture capital firms that include Accel Partners, Benchmark 
 Capital and DAG Ventures. The company is headquartered in Sunnyvale, CA. For 
 more information, visit the companys website at http://www.musecurity.com.

I have updated the ebuilds and patches for zaptel-1.2.8 and asterisk-1.2.11.
However, since I am not a maintainer of these packages, I just have them local
(and tested on x86 and amd64). I tried to contact stkn and rajiv today. If
security would like me to bump these for the security fixes over
asterisk-1.2.9, let me know. I can then commit them to cvs.

Jay

As this also fixes bug #141551 I think you should go ahead.

i maintain only asterisk 1.0.x and have not heard from stkn. i suggest you bump
the ebuild if you can install and test it. thanks.

hi jay,


hi jay,
I would like to test your ebuilds, too.
Can you send or atach your ebuilds to this bug?


(In reply to comment #1)
> I have updated the ebuilds and patches for zaptel-1.2.8 and asterisk-1.2.11.
> However, since I am not a maintainer of these packages, I just have them local
> (and tested on x86 and amd64). I tried to contact stkn and rajiv today. If
> security would like me to bump these for the security fixes over
> asterisk-1.2.9, let me know. I can then commit them to cvs.
> 
> Jay
> 

I uploaded the ebuild to my dev space. See
http://dev.gentoo.org/~pfeifer/asterisk/

Just grab the 2 tbz2s or you can get the ebuilds under the net-misc dir (as
well as the zaptel patch)

Jay

Jay/Rajiv could you commit the updated ebuilds so we can call arch teams?

Hi Jay,
your Zaptel ebuild missing zaptel-1.2.0-ukcid.patch
I moved them from the official zaptel ebuild and it's compiled without errors.

Your asterisk ebuild can't get asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz

emerge -v asterisk
Calculating dependencies... done!
>>> Emerging (1 of 1) net-misc/asterisk-1.2.11 to /
>>> Downloading http://distfiles.gentoo.org/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
--06:21:07-- 
http://distfiles.gentoo.org/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
           =>
`/usr/portage/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz'
Aufl

Hi Jay,
your Zaptel ebuild missing zaptel-1.2.0-ukcid.patch
I moved them from the official zaptel ebuild and it's compiled without errors.

Your asterisk ebuild can't get asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz

emerge -v asterisk
Calculating dependencies... done!
>>> Emerging (1 of 1) net-misc/asterisk-1.2.11 to /
>>> Downloading http://distfiles.gentoo.org/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
--06:21:07-- 
http://distfiles.gentoo.org/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
           =>
`/usr/portage/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz'
Auflösen des Hostnamen »proxy«.... 172.16.172.2
Verbindungsaufbau zu proxy|172.16.172.2|:8080... verbunden.
Proxy Anforderung gesendet, warte auf Antwort... 404 Not Found
06:21:07 FEHLER 404: Not Found.

>>> Downloading http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
--06:21:07-- 
http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
           =>
`/usr/portage/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz'
Auflösen des Hostnamen »proxy«.... 172.16.172.2
Verbindungsaufbau zu proxy|172.16.172.2|:8080... verbunden.
Proxy Anforderung gesendet, warte auf Antwort... 404 Not Found
06:21:07 FEHLER 404: Not Found.

>>> Downloading http://www.netdomination.org/pub/asterisk/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
--06:21:07-- 
http://www.netdomination.org/pub/asterisk/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz
           =>
`/usr/portage/distfiles/asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz'
Auflösen des Hostnamen »proxy«.... 172.16.172.2
Verbindungsaufbau zu proxy|172.16.172.2|:8080... verbunden.
Proxy Anforderung gesendet, warte auf Antwort... 404 Not Found
06:21:07 FEHLER 404: Not Found.

!!! Couldn't download asterisk-1.2.11-bristuff-0.3.0-PRE-1p.diff.gz. Aborting.

I play now with -bri to see, if the emerge works without the error in comment
#7.

I get the following Problem:

I compiled with:
1.) -bri
2.) -bri -pri
3.) -bri -zaptel
4.) -bri -pri -zaptel

All these results in the same error:

gcc -shared -Xlinker -x -o chan_alsa.so chan_alsa.o -lasound -lm -ldl
gcc -c -O2 -mcpu=i686 -pipe  -pipe  -Wall -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations  -Iinclude -I../include
-D_REENTRANT -D_GNU_SOURCE  -O2 -mcpu=i686 -pipe -DOSP_SUPPORT
 -I/usr/include/osp -DZAPTEL_OPTIMIZATIONS        -DLOW_MEMORY
-fomit-frame-pointer  -Wno-missing-prototypes -Wno-missing-declarations
-DZAPATA_PRI -DIAX_TRUNKING -DCRYPTO -fPIC  -o chan_zap.o chan_zap.c
`-mcpu=' is deprecated. Use `-mtune=' or '-march=' instead.
`-mcpu=' is deprecated. Use `-mtune=' or '-march=' instead.
chan_zap.c: In function `zt_call':
chan_zap.c:2094: error: too few arguments to function `pri_sr_set_bearer'
chan_zap.c: In function `zt_hangup':
chan_zap.c:2492: error: too few arguments to function `pri_hangup'
chan_zap.c:2512: error: too few arguments to function `pri_hangup'
chan_zap.c: In function `zt_handle_event':
chan_zap.c:3648: error: too few arguments to function `pri_hangup'
chan_zap.c: In function `pri_dchannel':
chan_zap.c:8377: error: too few arguments to function `pri_hangup'
chan_zap.c:8535: error: too few arguments to function `pri_hangup'
chan_zap.c:8666: error: too few arguments to function `pri_hangup'
chan_zap.c:8701: error: too few arguments to function `pri_hangup'
chan_zap.c:8710: error: too few arguments to function `pri_hangup'
chan_zap.c:8718: error: too few arguments to function `pri_hangup'
chan_zap.c:8964: error: too few arguments to function `pri_hangup'
chan_zap.c:9032: error: too few arguments to function `pri_hangup'
chan_zap.c: In function `start_pri':
chan_zap.c:9244: error: too few arguments to function `pri_new'
chan_zap.c: In function `load_module':
chan_zap.c:11051: warning: passing arg 1 of `pri_set_error' from incompatible
pointer type
chan_zap.c:11052: warning: passing arg 1 of `pri_set_message' from incompatible
pointer type
make[1]: *** [chan_zap.o] Error 1
make[1]: Leaving directory
`/var/tmp/portage/asterisk-1.2.11/work/asterisk-1.2.11/channels'
make: *** [subdirs] Error 1

!!! ERROR: net-misc/asterisk-1.2.11 failed.
Call stack:
  ebuild.sh, line 1539:   Called dyn_compile
  ebuild.sh, line 939:   Called src_compile
  asterisk-1.2.11.ebuild, line 329:   Called die

!!! Make failed
!!! If you need support, post the topmost build error, and the call stack if
relevant.

!!! This ebuild is from an overlay: '/usr/local/overlay'


My emerge info: 
Portage 2.1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4,
2.6.15-gentoo-r1-skas3-v8.2 i686)
=================================================================
System uname: 2.6.15-gentoo-r1-skas3-v8.2 i686 unknown
Gentoo Base System version 1.6.14
dev-lang/python:     2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mcpu=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref
/usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg digest distlocks metadata-transfer noinfo sandbox
sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 alsa apache2 apm avi berkdb bitmap-fonts bri cli crypt cups dri eds
emboss encode esd foomaticdb fortran gdbm gif gnome gpm gstreamer ipv6 isdnlog
jpeg kde libg++ libwww mad mikmod mmx motif mp3 mpeg ncurses nls nptl ogg pam
pcre pdflib perl png pppd python quicktime readline reflection rtc sdl session
spell spl sse ssl tcpd truetype truetype-fonts type1-fonts udev vorbis xml xmms
xorg zlib elibc_glibc kernel_linux linguas_de userland_GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

OK,

Test 1:
- zaptel unmerged
- USE = -bri -pri -zaptel
= compiled cleanly

Test 2:
- zaptel-1.2.6 emerged
- USE = +bri +pri +zaptel
= don't compile

I must have forgot to upload that. Let me find it after work and upload. I will
also look at the bri compile error.

Jay

*** Bug 145966 has been marked as a duplicate of this bug. ***

Jay?
Have you found it?

(In reply to comment #10)
> I must have forgot to upload that. Let me find it after work and upload. I will
> also look at the bri compile error.
> 
> Jay
> 

We have a fix committed:

06 Sep 2006; Stefan Knoblich <stkn@gentoo.org> +asterisk-1.2.11.ebuild:

Arches please test and mark stable. Target keywords are:

asterisk-1.2.11.ebuild:KEYWORDS="~alpha ~amd64 ~hppa ~ppc sparc x86"

sparc stable.
on a side note it works fine on a couple x86 servers i handle (E1/FXO/FXS
mostly) and people might want to take care of bug #145783 before too.

1.) emerges on x86 with the following QA warnings

QA Notice: the following files contain runtime text relocations
 Text relocations force the dynamic linker to perform extra
 work at startup, waste system resources, and may pose a security
 risk.  On some architectures, the code may not even function
 properly, if at all.
 For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 Please include this file in your report:
 /var/tmp/portage/asterisk-1.2.11/temp/scanelf-textrel.log
TEXTREL usr/lib/asterisk/modules/codec_gsm.so

QA Notice: the following files contain executable stacks
 Files with executable stacks will not work properly (or at all!)
 on some architectures/operating systems.  A bug should be filed
 at http://bugs.gentoo.org/ to make sure the file is fixed.
 For more information, see http://hardened.gentoo.org/gnu-stack.xml
 Please include this file in your report:
 /var/tmp/portage/asterisk-1.2.11/temp/scanelf-execstack.log
RWX --- --- usr/lib/asterisk/modules/codec_gsm.so

2.) passes collision-test
3.) /etc/init.d/asterisk starts 


emerge --info
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17.11 i686)
=================================================================
System uname: 2.6.17.11 i686 AMD Athlon(TM) XP1800+
Gentoo Base System version 1.12.5
Last Sync: Thu, 14 Sep 2006 16:50:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.3.5-r2, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages
metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv
usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal /usr/local/portage/testing"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac acpi alsa apache2 bash-completion berkdb
bitmap-fonts bzip2 cairo cdr cli crypt css cups dbus divx4linux dlloader dri
dts dvd dvdr dvdread elibc_glibc emboss exif fam ffmpeg firefox font-server
fortran gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal
input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde
kernel_linux ldap libclamav libg++ linguas_de linguas_en linguas_en_GB
logitech-mouse mad mikmod mmx mmxext mono mozcalendar mozdevelop mozsvg mp3
mpeg ncurses network nls nptl nptlonly nvidia oav ogg opengl oss pam pcre perl
png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl
seamonkey session spell spl ssl tcltk tcpd test tetex tiff truetype
truetype-fonts type1-fonts udev unicode usb userland_GNU vcd video_cards_none
video_cards_nv vorbis win32codecs xine xinerama xml xorg xorg-x11 xprint xv xvg
xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS,
PORTAGE_RSYNC_EXTRA_OPTS

Version 1.2.11 compiles great, but have a Bug (Pickup).
1.2.12.1 and Zaptel 1.2.9.1 are out now.

Back to ebuild to fix the regression. UnCC'ing arches.

voip any news on this one?

this is kinda annoying... no info on the bug for more than 2 weeks...

any news from voip???

asterisk-1.2.12.1 has been uploaded today... i guess we can go for stable
marking then?

yeah I moved it from the overlay to portage after talking with stkn. I guess
marking it stable should be fine - go ahead.

btw, this has been rated C1... according to the policy that results in a target
delay of 5 days

sparc, x86 pls test net-misc/asterisk-1.2.12.1 and mark stable if possible

even adding arches to CC now ;)

sparc stable.

1.) emerges on x86, with the following QA Notices:
A Notice: the following files contain runtime text relocations
 Text relocations force the dynamic linker to perform extra
 work at startup, waste system resources, and may pose a security
 risk.  On some architectures, the code may not even function
 properly, if at all.
 For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 Please include this file in your report:
 /var/tmp/portage/asterisk-1.2.12.1/temp/scanelf-textrel.log
TEXTREL usr/lib/asterisk/modules/codec_gsm.so

QA Notice: the following files contain executable stacks
 Files with executable stacks will not work properly (or at all!)
 on some architectures/operating systems.  A bug should be filed
 at http://bugs.gentoo.org/ to make sure the file is fixed.
 For more information, see http://hardened.gentoo.org/gnu-stack.xml
 Please include this file in your report:
 /var/tmp/portage/asterisk-1.2.12.1/temp/scanelf-execstack.log
RWX --- --- usr/lib/asterisk/modules/codec_gsm.so


2.) passes collision test
3.) daemon still starts and stops

emerge --info
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17.13 i686)
=================================================================
System uname: 2.6.17.13 i686 AMD Athlon(TM) XP1800+
Gentoo Base System version 1.12.5
Last Sync: Fri, 06 Oct 2006 14:50:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.2.11-r1
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo
/etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages
metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv
usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal /usr/local/portage/testing"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac acpi alsa apache2 bash-completion berkdb
bitmap-fonts bzip2 cairo cdr cli crypt css cups dbus divx4linux dlloader dri
dts dvd dvdr dvdread elibc_glibc emboss exif fam ffmpeg firefox font-server
fortran gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal
input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde
kernel_linux ldap libclamav libg++ linguas_de linguas_en linguas_en_GB
logitech-mouse mad mikmod mmx mmxext mono mozcalendar mozdevelop mozsvg mp3
mpeg ncurses network nls nptl nptlonly nvidia oav ogg opengl oss pam pcre perl
png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl
seamonkey session spell spl ssl tcltk tcpd test tetex tiff truetype
truetype-fonts type1-fonts udev unicode usb userland_GNU vcd video_cards_none
video_cards_nv vorbis win32codecs xine xinerama xml xorg xorg-x11 xprint xv xvg
xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS,
PORTAGE_RSYNC_EXTRA_OPTS

Can you hear me now?  Good.  x86 done.

oops this one is late.

GLSA 200610-15