| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20021220172453.C76E233BD8@mail1.tamperd.net> From: aliz at gentoo.org (Daniel Ahlberg) Subject: GLSA: canna -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-8 - - -------------------------------------------------------------------- PACKAGE : canna SUMMARY : multiple vulnerabilities in canna DATE : 2002-12-20 17:12 UTC EXPLOIT : remote - - -------------------------------------------------------------------- Quotes from advisory: "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server version 3.6 and earlier." "AIDA Shinra of Canna project found lack of validations of requests in canna version 3.6 and earlier." Read the full advisory at http://canna.sourceforge.jp/sec/Canna-2002-01.txt SOLUTION It is recommended that all Gentoo Linux users who are running app-i18n/canna-3.6 and earlier update their systems as follows: emerge rsync emerge canna emerge clean - - -------------------------------------------------------------------- aliz@...too.org - GnuPG key is available at www.gentoo.org/~aliz nakano@...too.org - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+A1JhfT7nyhUpoZMRAsxKAJ9fIr90urulT6eyWNwVgfVNIRM/eQCgvUIU u9tWg29qZEi5iFEpBhDmNfg= =Plpf -----END PGP SIGNATURE-----
Powered by blists - more mailing lists