-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-8 - - -------------------------------------------------------------------- PACKAGE : canna SUMMARY : multiple vulnerabilities in canna DATE : 2002-12-20 17:12 UTC EXPLOIT : remote - - -------------------------------------------------------------------- Quotes from advisory: "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server version 3.6 and earlier." "AIDA Shinra of Canna project found lack of validations of requests in canna version 3.6 and earlier." Read the full advisory at http://canna.sourceforge.jp/sec/Canna-2002-01.txt SOLUTION It is recommended that all Gentoo Linux users who are running app-i18n/canna-3.6 and earlier update their systems as follows: emerge rsync emerge canna emerge clean - - -------------------------------------------------------------------- alizat_private - GnuPG key is available at www.gentoo.org/~aliz nakanoat_private - - -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+A1JhfT7nyhUpoZMRAsxKAJ9fIr90urulT6eyWNwVgfVNIRM/eQCgvUIU u9tWg29qZEi5iFEpBhDmNfg= =Plpf -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Dec 20 2002 - 19:55:36 PST