Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: man (200306-06)
Date: Sat, 14 Jun 2003 16:43:58
Message-Id: 20030614164050.4A8AE33786@mail1.tamperd.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-06
- - - ---------------------------------------------------------------------

          PACKAGE : man
          SUMMARY : format string exploit
             DATE : 2003-06-14 16:40 UTC
          EXPLOIT : local
VERSIONS AFFECTED : <man-1.5l-r5
    FIXED VERSION : >=man-1.5l-r5
              CVE :

- - - ---------------------------------------------------------------------

from advisory:
"man v1.5l, and below, contain a format string vulnerability.
the vulnerability occurs when man uses an optional catalog file, supplied
by the NLSPATH/LANG environmental variables."

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=105474717920585&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/man upgrade to man-1.5l-r5 as follows

emerge sync
emerge man
emerge clean

- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD4DBQE+61ARfT7nyhUpoZMRAnW+AJUYWqVOLTPK6/sIllvzJRVETlRpAJ9x9DTH
l9z03YHvmLoi4+E05lSstQ==
=e66C
-----END PGP SIGNATURE-----
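
The bug class in the advisory is a message string taken from a user-selectable catalog (NLSPATH/LANG) reaching a printf-style call as the format. The following is an added illustration, not code from man or from the advisory: `fmt_signature`, `safe_format` and the sample strings are hypothetical, and the pattern shown accepts a catalog string only when its conversion specifiers match the compiled-in default.

```c
#include <stdio.h>
#include <string.h>

/* Write the conversion letters of fmt (e.g. "sd" for "%s: %d") to out.
   "%%" is skipped. Returns -1 for anything outside a small allow-list:
   %n, positional "$", "*" widths and length modifiers are all rejected. */
static int fmt_signature(const char *fmt, char *out, size_t outlen)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                             /* literal percent sign */
        p += strspn(p, "-+ #0");                  /* flags */
        p += strspn(p, "0123456789");             /* field width */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789"); /* precision */
        if (*p == '\0' || !strchr("sdiuxc", *p) || n + 2 > outlen)
            return -1;
        out[n++] = *p;
    }
    out[n] = '\0';
    return 0;
}

/* Return the catalog string only if it consumes exactly the same arguments
   as the trusted compiled-in format; otherwise fall back to the built-in. */
const char *safe_format(const char *builtin, const char *translated)
{
    char want[16], got[16];
    if (translated == NULL
        || fmt_signature(builtin, want, sizeof want) != 0
        || fmt_signature(translated, got, sizeof got) != 0
        || strcmp(want, got) != 0)
        return builtin;
    return translated;
}

int main(void)
{
    const char *builtin = "No manual entry for %s\n";  /* constructed sample */
    const char *hostile = "%x%x%x%n";                   /* constructed sample */
    /* The hostile catalog entry is rejected, so the built-in text prints. */
    printf(safe_format(builtin, hostile), "ls");
    return 0;
}
```

The check is deliberately conservative: a legitimate translation that reorders arguments or uses a length modifier is also rejected and the built-in text is used instead.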