1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
|
5 |
- - --------------------------------------------------------------------------- |
6 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-07 |
7 |
- - --------------------------------------------------------------------------- |
8 |
|
9 |
GLSA: 200311-07 |
10 |
package: net-libs/libnids |
11 |
summary: Libnids remote code execution |
12 |
severity: normal |
13 |
Gentoo bug: 32724 |
14 |
date: 2003-11-22 |
15 |
CVE: CAN-2003-0850 |
16 |
exploit: remote |
17 |
affected: <=1.17 |
18 |
fixed: >=1.18 |
19 |
|
20 |
DESCRIPTION: |
21 |
|
22 |
|
23 |
There is a bug in the part of libnids code responsible for TCP reassembly. |
24 |
The flaw probably allows remote code execution. |
25 |
|
26 |
|
27 |
SOLUTION: |
28 |
|
29 |
|
30 |
It is recommended that all Gentoo Linux users who are running |
31 |
net-libs/libnids update their systems as follows: |
32 |
|
33 |
emerge sync |
34 |
emerge '>=net-libs/libnids-1.18' |
35 |
emerge clean |
36 |
|
37 |
|
38 |
- -- |
39 |
Andrea Barisani <lcars@g.o> .*. |
40 |
Gentoo Linux Infrastructure Developer V |
41 |
( ) |
42 |
GPG-Key 0xC9EE0905 http://dev.gentoo.org/~lcars/pubkey.asc ( ) |
43 |
491D E9E0 3875 0EC9 10DD 150B CAA9 2C7D C9EE 0905 ^^_^^ |
44 |
|
45 |
|
46 |
-----BEGIN PGP SIGNATURE----- |
47 |
Version: GnuPG v1.2.3 (GNU/Linux) |
48 |
|
49 |
iD8DBQE/wi78yqksfcnuCQURAmKjAJ0Y/K8Q8mbiwIvQCx44fgpNP0izoACfe4J0 |
50 |
q9x9uKfldu1ES92a1WP9Dyg= |
51 |
=t5vz |
52 |
-----END PGP SIGNATURE----- |