| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200804040023.58157.timb@nth-dimension.org.uk>
Date: Fri, 4 Apr 2008 00:23:56 +0100
From: Tim Brown <timb@...-dimension.org.uk>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
news@...uriteam.com
Subject: Medium security hole affecting Festival on Debian
unstable/testing and Ubuntu Hardy Heron
It has been recently been identified that the Festival text to speech server
was vulnerable to unauthenticated remote code execution. Further research
indicated that this vulnerability has already been reported as a local
privilege escalation against both the Gentoo and SuSE GNU/Linux distributions
and had assigned CVE-2007-4074. The remote form of this vulnerability was
originally identified in the default configuration of Festival 1.96~beta-5 as
distributed in Debian unstable but Ubuntu Hardy Heron was also affected. Both
Debian and Ubuntu have since released patches to resolve this flaw. An
advisory for this flaw which provides further information is attached. A
short analysis of Debian's response can be found at
http://www.nth-dimension.org.uk/blog.php?id=68.
Cheers,
Tim
--
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
Download attachment "NDSA20080215.txt.asc" of type "application/pgp-keys" (3589 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists