Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
| Navigation: |
|
Lists:
gentoo-ppc-dev:
< Prev
By Thread
Next >
< Prev
By Date
Next >
|
| Headers: |
|
To:
|
gentoo-announce@g.o, lwn@..., gentoo-user@g.o, gentoo-dev@g.o, gentoo-desktop@g.o, gentoo-newbies@g.o, gentoo-security@g.o, gentoo-sparc@g.o, gentoo-user@g.o, gentoo-user-es@g.o, gentooppc-dev@g.o, gentooppc-user@g.o
|
|
From:
|
Seemant Kulleen <seemant@g.o>
|
|
Subject:
|
GLSA: glibc
|
|
Date:
|
Sat Jul 13 17:03:11 2002
|
|
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : glibc
SUMMARY : buffer overflow vulnerability in glibc
DATE : Sat Jul 13 21:36:11 UTC 2002
- -----------------------------------------------------------------------
OVERVIEW
The DNS resolver code in glibc may allow a remote attacker to send
malicious dns responses to execute arbitrary code or cause a denial of
service attack on affected systems.
DETAIL
Any code run by the attacker would run with the same privileges as the
process which calls the resolver library. Additionally, the attacker may
cause one of the services on the victim machine to make DNS requests to a
server under the attacker's control and execute more arbitrary code.
http://www.cert.org/advisories/CA-2002-19.html
http://bugs.gentoo.org/show_bug.cgi?id=4923
SOLUTION
It is recommended that all Gentoo Linux users update their systems as
follows.
emerge --clean rsync
emerge glibc
emerge clean
- ------------------------------------------------------------------------
MichaelThompson@...
azarah@g.o
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------
|
|
