| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1HAcFo-0000H4-IW@artemis.annvix.ca> Date: Fri, 26 Jan 2007 18:21:16 -0700 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:028 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ulogd Date : January 26, 2007 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Buffer overflow in ulogd has unknown impact and attack vectors related to "improper string length calculations." The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0460 _______________________________________________________________________ Updated Packages: Corporate 4.0: cb3fffdef63f6e7cc08bccc05b1e882c corporate/4.0/i586/ulogd-1.23-2.1.20060mlcs4.i586.rpm 784cbd25194bb71a3c197deb80f3b634 corporate/4.0/i586/ulogd-mysql-1.23-2.1.20060mlcs4.i586.rpm 76b7cb8610d47b7813d42f9878644336 corporate/4.0/i586/ulogd-pcap-1.23-2.1.20060mlcs4.i586.rpm 235a2afc3e88863082f2e9678316e5be corporate/4.0/i586/ulogd-pgsql-1.23-2.1.20060mlcs4.i586.rpm 418d6653046ddea3f3e9bfc3b9ee25c7 corporate/4.0/i586/ulogd-sqlite-1.23-2.1.20060mlcs4.i586.rpm 9873e7960f48810dd0d8fe5f72b2ebfc corporate/4.0/SRPMS/ulogd-1.23-2.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 3da5d0b9bf6af4d69f34cccecea42cfe corporate/4.0/x86_64/ulogd-1.23-2.1.20060mlcs4.x86_64.rpm bee5bd7a190f23e5c15be8b4f7b052be corporate/4.0/x86_64/ulogd-mysql-1.23-2.1.20060mlcs4.x86_64.rpm 982b1a66fccd7df9ffa3272e0303f2e4 corporate/4.0/x86_64/ulogd-pcap-1.23-2.1.20060mlcs4.x86_64.rpm e6cc11f6261021dd91b8ab970f6a1619 corporate/4.0/x86_64/ulogd-pgsql-1.23-2.1.20060mlcs4.x86_64.rpm 3e5a8211885c04b4b3df58b9e147a0e7 corporate/4.0/x86_64/ulogd-sqlite-1.23-2.1.20060mlcs4.x86_64.rpm 9873e7960f48810dd0d8fe5f72b2ebfc corporate/4.0/SRPMS/ulogd-1.23-2.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFun6JmqjQ0CJFipgRAgeIAKDzzFjWxExEMHbpzn+RLE3NJwiLcwCfSvU6 DSrLKRpU2m1uyJpM9IQ84BU= =17Rv -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists