87202 2002-12-21 00:39 /47 rader/ Daniel Ahlberg <aliz@gentoo.org> Importerad: 2002-12-21 00:39 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <2838> Ärende: GLSA: canna ------------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-8 - - -------------------------------------------------------------------- PACKAGE : canna SUMMARY : multiple vulnerabilities in canna DATE : 2002-12-20 17:12 UTC EXPLOIT : remote - - -------------------------------------------------------------------- Quotes from advisory: "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server version 3.6 and earlier." "AIDA Shinra of Canna project found lack of validations of requests in canna version 3.6 and earlier." Read the full advisory at http://canna.sourceforge.jp/sec/Canna-2002-01.txt SOLUTION It is recommended that all Gentoo Linux users who are running app-i18n/canna-3.6 and earlier update their systems as follows: emerge rsync emerge canna emerge clean - - -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz nakano@gentoo.org - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+A1JhfT7nyhUpoZMRAsxKAJ9fIr90urulT6eyWNwVgfVNIRM/eQCgvUIU u9tWg29qZEi5iFEpBhDmNfg= =Plpf -----END PGP SIGNATURE----- (87202) /Daniel Ahlberg <aliz@gentoo.org>/----------