LibMCrypt Memory Leak Resource Exhaustion Vulnerability

Solution:
This vulnerability has been reported as being fixed in libcrypt versions 2.5.5 and later.

Gentoo Linux has released an advisory. Users who have installed dev-libs/libmcrypt-2.5.1-r4 or earlier are advised to update their systems by issuing the following commands:

emerge rsync
emerge libmcrypt
emerge clean

Conectiva has released a security advisory (CLA-2003:567) containing fixes. Users are advised to upgrade their mcrypt package as soon as possible.

Fixes:


Mcrypt libmcrypt 2.4.10

Mcrypt libmcrypt 2.4.15

Mcrypt libmcrypt 2.4.18

Mcrypt libmcrypt 2.4.20

Mcrypt libmcrypt 2.4.7

Mcrypt libmcrypt 2.4.9

Mcrypt libmcrypt 2.5 .0

Mcrypt libmcrypt 2.5.2

Mcrypt libmcrypt 2.5.3


 

Privacy Statement
Copyright 2010, SecurityFocus