-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-03
- ---------------------------------------------------------------------------

GLSA: 200311-03
package: net-misc/hylafax
summary: Remote code exploit in hylafax
severity: normal
Gentoo bug: 33368
date: 2003-11-10
CVE: CAN-2003-0886
exploit: remote
affected: <=4.1.7
fixed: >=4.1.8

DESCRIPTION:

During a code review of the hfaxd server, the SuSE Security Team discovered a
format bug condition that allows a remote attacker to execute arbitrary code
as the root user. However, the bug cannot be triggered in the default hylafax
configuration.

SuSE-SA:2003:045 outlines the problem, and is available at
http://lwn.net/Articles/57562/

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the package to
the latest available version. Vulnerable versions of hylafax have been
removed from portage. Specific steps to upgrade:

    emerge --sync
    emerge '>=net-misc/hylafax-4.1.8'
    emerge clean

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/vHEAnt0v0zAqOHYRAlCAAKCLwz7O2bjXT4nIPoJNWYNfaoVURgCgkGtd
b5odwnwTh5KQwRIIq7WzYPM=
=D1ou
-----END PGP SIGNATURE-----
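
A check for whether a host still needs the upgrade above, as an added example that is not part of the advisory or of Portage. It assumes installed packages are recorded as directories under the Portage package database (normally /var/db/pkg); the function names are hypothetical, and any version below the advisory's "fixed" value is reported as affected.

```shell
# Added example (not from the advisory). Assumption: Portage records each
# installed package as <vdb>/net-misc/hylafax-<version>/ (normally /var/db/pkg).
FIXED=4.1.8    # "fixed: >=4.1.8" in GLSA 200311-03

# ver_ge A B: succeed when dotted numeric version A >= B.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# glsa_status VERSION: print fixed, affected or unknown.
# Anything below FIXED is reported as affected (conservative reading).
glsa_status() {
    v=${1%-r[0-9]*}              # drop the ebuild revision (-rN)
    pre=0
    case $v in *_alpha*|*_beta*|*_pre*|*_rc*) pre=1 ;; esac
    v=${v%%_*}                   # drop _rc1, _p2 and similar suffixes
    case $v in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if ! ver_ge "$v" "$FIXED"; then echo affected; return 0; fi
    # A pre-release of exactly FIXED sorts before FIXED itself.
    if [ "$pre" -eq 1 ] && ver_ge "$FIXED" "$v"; then echo affected; else echo fixed; fi
}

# scan_vdb VDB_ROOT: report every installed hylafax; return 1 if any is not fixed.
scan_vdb() {
    rc=0
    for d in "$1"/net-misc/hylafax-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/hylafax-}
        s=$(glsa_status "$v")
        echo "net-misc/hylafax-$v: $s"
        [ "$s" = fixed ] || rc=1
    done
    return "$rc"
}
# Usage on a Gentoo host: scan_vdb /var/db/pkg
```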