BugTraq
Back to list
|
Post reply
GLSA: canna
Dec 20 2002 05:24PM
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-8
- - --------------------------------------------------------------------
PACKAGE : canna
SUMMARY : multiple vulnerabilities in canna
DATE : 2002-12-20 17:12 UTC
EXPLOIT : remote
- - --------------------------------------------------------------------
Quotes from advisory:
"hsj" of Shadow Penguin Security discovered a heap overflow
vulnerability in the irw_through function in canna server
version 3.6 and earlier."
"AIDA Shinra of Canna project found lack of validations of requests
in canna version 3.6 and earlier."
Read the full advisory at
http://canna.sourceforge.jp/sec/Canna-2002-01.txt
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-i18n/canna-3.6 and earlier update their systems as follows:
emerge rsync
emerge canna
emerge clean
- - --------------------------------------------------------------------
aliz (at) gentoo (dot) org [email concealed] - GnuPG key is available at www.gentoo.org/~aliz
nakano (at) gentoo (dot) org [email concealed]
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+A1JhfT7nyhUpoZMRAsxKAJ9fIr90urulT6eyWNwVgfVNIRM/eQCgvUIU
u9tWg29qZEi5iFEpBhDmNfg=
=Plpf
-----END PGP SIGNATURE-----
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-8
- - --------------------------------------------------------------------
PACKAGE : canna
SUMMARY : multiple vulnerabilities in canna
DATE : 2002-12-20 17:12 UTC
EXPLOIT : remote
- - --------------------------------------------------------------------
Quotes from advisory:
"hsj" of Shadow Penguin Security discovered a heap overflow
vulnerability in the irw_through function in canna server
version 3.6 and earlier."
"AIDA Shinra of Canna project found lack of validations of requests
in canna version 3.6 and earlier."
Read the full advisory at
http://canna.sourceforge.jp/sec/Canna-2002-01.txt
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-i18n/canna-3.6 and earlier update their systems as follows:
emerge rsync
emerge canna
emerge clean
- - --------------------------------------------------------------------
aliz (at) gentoo (dot) org [email concealed] - GnuPG key is available at www.gentoo.org/~aliz
nakano (at) gentoo (dot) org [email concealed]
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+A1JhfT7nyhUpoZMRAsxKAJ9fIr90urulT6eyWNwVgfVNIRM/eQCgvUIU
u9tWg29qZEi5iFEpBhDmNfg=
=Plpf
-----END PGP SIGNATURE-----
[ reply ]