From $URL: This release fixes a severe security issue discovered after the release of openvas-manager 2.0.2. By crafting a special report format plugin, and knowing about the operating system on which OpenVAS Manager is running, a rogue user was able to upload the plugin and execute arbitrary code with the privileges of the user running the OpenVAS Manager. This release enforces strict permissions on sensitive OpenVAS Manager files and will drop privileges when executing report format plugins if it is running with potentially dangerous privileges. Furthermore, it forces report formats to be trusted before executing them. We strongly recommended upgrading existing installations of OpenVAS-4 to openvas-manager 2.0.3.
Adding CVE assignment per: http://www.openwall.com/lists/oss-security/2011/04/20/5.
Previous opened Bug # 353191 https://bugs.gentoo.org/show_bug.cgi?id=353191
(In reply to comment #0) > We strongly recommended upgrading existing installations of OpenVAS-4 to > openvas-manager 2.0.3. Our =net-analyzer/openvas-4 now uses >=net-analyzer/openvas-manager-2.0.4 which is the only version. Closing [noglsa]
