Full Disclosure mailing list archives
GLSA: setiathome (200304-03)
From: Daniel Ahlberg <aliz () gentoo org>
Date: Wed, 9 Apr 2003 12:58:05 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200304-03 - - --------------------------------------------------------------------- PACKAGE : setiathome SUMMARY : buffer overflow DATE : 2003-04-09 10:57 UTC EXPLOIT : remote VERSIONS AFFECTED : <3.08 FIXED VERSION : >=3.08 CVE : - - --------------------------------------------------------------------- - From advisory: "There is a bufferoverflow in the server responds handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form." Read the full advisory at: http://spoor12.edup.tudelft.nl/ SOLUTION It is recommended that all Gentoo Linux users who are running app-sci/setiathome upgrade to setiathome-3.08 as follows: emerge sync emerge setiathome emerge clean - - --------------------------------------------------------------------- aliz () gentoo org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+k/y4fT7nyhUpoZMRAgi7AJ4hG59plYUfRAafSKbRmeI++rT5ZACgs+Vk 6Pqp0YFy+4mqb7Am7f4h/PQ= =IlMz -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: setiathome (200304-03) Daniel Ahlberg (Apr 09)