
CFEngine CFServD Transaction Packet Buffer Overrun Vulnerability

Solution:
This issue has been addressed in cfengine versions 2.0.8/2.0.8p1. A patch has also been made available for version 2.0.7p3. Versions prior to 2.0.0 do not include the vulnerable code, but users are advised against downgrading to cfengine 1.x since these versions are no longer maintained.

Fixed versions will report exploitation attempts with the following log message:
"Bad transaction packet -- too long"
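
One way to look for that message in collected logs, as an added example that is not part of the original advisory or of cfengine itself. The traditional syslog line layout, the function name and the sample lines are assumptions; only the message text comes from this page.

```python
import re
from collections import defaultdict

# Exact message quoted on this page; fixed cfservd versions log it.
MARKER = "Bad transaction packet -- too long"

# Assumed traditional syslog layout: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<tag>[^\s:\[]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)


def find_overrun_attempts(lines):
    """Return {host: {"count", "first", "last"}} for lines carrying MARKER.

    Lines that contain the marker but do not parse as syslog are kept under
    the host "unparsed", so a format mismatch never hides a hit.
    """
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        if MARKER not in line:
            continue
        m = SYSLOG_RE.match(line.rstrip("\n"))
        host, ts = (m.group("host"), m.group("ts")) if m else ("unparsed", None)
        rec = hits[host]
        rec["count"] += 1
        if rec["first"] is None:
            rec["first"] = ts
        rec["last"] = ts
    return dict(hits)


# Constructed sample lines (host names, PIDs and timestamps are made up).
SAMPLE = [
    "Oct  3 12:01:02 policy1 cfservd[411]: Bad transaction packet -- too long",
    "Oct  3 12:01:05 policy1 cfservd[411]: unrelated message (constructed)",
    "Oct  3 12:04:40 policy1 cfservd[411]: Bad transaction packet -- too long",
    "Oct  4 02:10:00 edge7 cfservd[98]: Bad transaction packet -- too long",
    "cfservd: Bad transaction packet -- too long",
]

if __name__ == "__main__":
    for host, rec in find_overrun_attempts(SAMPLE).items():
        print(host, rec["count"], rec["first"], rec["last"])
```

The host reported is the machine that logged the message, since the page does not say whether the message includes the peer address.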

Gentoo has released an advisory (200310-02) and fixes for this issue. To obtain fixes, execute the following commands:

emerge sync
emerge -p cfengine
emerge cfengine
emerge clean


GNU Cfengine 2.0.0

GNU Cfengine 2.0.1

GNU Cfengine 2.0.2

GNU Cfengine 2.0.3

GNU Cfengine 2.0.4

GNU Cfengine 2.0.5

GNU Cfengine 2.0.5 b1

GNU Cfengine 2.0.5 pre2

GNU Cfengine 2.0.5 pre

GNU Cfengine 2.0.6

GNU Cfengine 2.0.7

GNU Cfengine 2.0.7 p1

GNU Cfengine 2.0.7 p3

GNU Cfengine 2.0.7 p2

GNU Cfengine 2.1.0a8

GNU Cfengine 2.1.0a9

GNU Cfengine 2.1.0a6







 

Copyright 2009, SecurityFocus