10762777 2003-09-30 16:32 +0200 /52 rader/ Daniel Ahlberg <aliz@gentoo.org>
Importerad: 2003-09-30 17:28 av Brevbäraren
Extern mottagare: gentoo-announce@gentoo.org
Extern mottagare: bugtraq@securityfocus.com
Extern mottagare: full-disclosure@lists.netsys.com
Mottagare: Bugtraq (import) <29333>
Mottagare: Gentoo (-) mailimport <238>
Sänt: 2003-09-30 21:57
Ärende: GLSA: mpg123 (200309-17)
------------------------------------------------------------
From: aliz@gentoo.org (Daniel Ahlberg)
To: gentoo-announce@gentoo.org, bugtraq@securityfocus.com,
full-disclosure@lists.netsys.com
Message-ID: <20030930143204.01DAD9FB20@noc.internal.fairytale.se>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-17
- - - ---------------------------------------------------------------------
PACKAGE : mpg123
SUMMARY : buffer overflow
DATE : 2003-09-30 14:32 UTC
EXPLOIT : remote
GENTOO BUG # : 26787
CVE : CAN-2003-0577
- - - ---------------------------------------------------------------------
DESCRIPTION
mpg123 contains a heap based buffer overflow that would allow an
remote attacker to execute arbitrary code on the victims machine.
SOLUTION
it is recommended that all Gentoo Linux users who are running
media-sound/mpg123 upgrade to a fixed version.
make sure that the version to be installed is either one of
0.59r-r3 (stable) or 0.59s-r1 (masked).
emerge sync
emerge mpg123 -p
emerge mpg123
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/eZPkfT7nyhUpoZMRAnwiAJ9PLTpDpa6cMaJekjdbX+b/QhqB0QCfTxhJ
aC2esvhlnUN1qSR9dPqjKv4=
=ggBo
-----END PGP SIGNATURE-----
(10762777) /Daniel Ahlberg <aliz@gentoo.org>/(Ombruten)