Full Disclosure mailing list archives
GLSA: canna
From: Daniel Ahlberg <aliz () gentoo org>
Date: Fri, 20 Dec 2002 18:24:53 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-8 - - -------------------------------------------------------------------- PACKAGE : canna SUMMARY : multiple vulnerabilities in canna DATE : 2002-12-20 17:12 UTC EXPLOIT : remote - - -------------------------------------------------------------------- Quotes from advisory: "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server version 3.6 and earlier." "AIDA Shinra of Canna project found lack of validations of requests in canna version 3.6 and earlier." Read the full advisory at http://canna.sourceforge.jp/sec/Canna-2002-01.txt SOLUTION It is recommended that all Gentoo Linux users who are running app-i18n/canna-3.6 and earlier update their systems as follows: emerge rsync emerge canna emerge clean - - -------------------------------------------------------------------- aliz () gentoo org - GnuPG key is available at www.gentoo.org/~aliz nakano () gentoo org - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+A1JhfT7nyhUpoZMRAsxKAJ9fIr90urulT6eyWNwVgfVNIRM/eQCgvUIU u9tWg29qZEi5iFEpBhDmNfg= =Plpf -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: canna Daniel Ahlberg (Dec 20)