Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: monkeyd (200304-07.1)
Date: Mon, 28 Apr 2003 08:54:11
Message-Id: 20030428084939.6F22933919@mail1.tamperd.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-07.1
- - - ---------------------------------------------------------------------

PACKAGE : monkeyd
SUMMARY : buffer overflow
DATE : 2003-04-28 08:49 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <monkeyd-0.6.2
FIXED VERSION : >=monkeyd-0.6.2
CVE :

- - - ---------------------------------------------------------------------

Previous issue contained some errors.

- - From advisory:

"A buffer overflow vulnerability exists in Monkey's handling of forms
submitted with the POST request method. The unchecked buffer lies in the
PostMethod() procedure."

Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105094204204166&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/monkeyd upgrade to monkeyd-0.6.3 as follows:

emerge sync
emerge monkeyd
emerge clean

- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+rOsifT7nyhUpoZMRAlreAJ0UQiyUWazha/M0pN7I4Y0D7RHKDACfeoD6
hmP5rw4B1A62fmge6y6OiP8=
=FGfW
-----END PGP SIGNATURE-----
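
Added example (not part of the advisory and not Monkey's source code): a C sketch of the kind of length check whose absence the quoted advisory describes, refusing a POST body that does not fit a fixed-size buffer instead of copying it. The function names, the 256-byte buffer size, the status codes and the sample bodies are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POST_BUF_SIZE 256   /* assumed size of the fixed form buffer */

enum { POST_OK = 0, POST_TOO_LARGE = -1, POST_SHORT_READ = -2 };

/* Hypothetical helper: copy a POST body into a fixed buffer.
 * content_length is the length declared in the request headers,
 * received is the number of body bytes actually read from the socket.
 * An unchecked handler would copy without comparing these to dst_size. */
int copy_post_body(char *dst, size_t dst_size, const char *body,
                   size_t received, size_t content_length)
{
    if (dst == NULL || body == NULL || dst_size == 0)
        return POST_TOO_LARGE;
    if (content_length > received)
        return POST_SHORT_READ;     /* header claims more than arrived */
    if (content_length >= dst_size)
        return POST_TOO_LARGE;      /* no room for data plus terminator */
    memcpy(dst, body, content_length);
    dst[content_length] = '\0';
    return POST_OK;
}

/* Constructed sample input: a body of 'A' bytes of the given size. */
int try_body(size_t received, size_t content_length)
{
    static char body[4096];
    char form[POST_BUF_SIZE];

    if (received > sizeof body)
        received = sizeof body;
    memset(body, 'A', received);
    int rc = copy_post_body(form, sizeof form, body, received, content_length);
    if (rc == POST_OK && strlen(form) != content_length)
        return -99;                 /* copy did not produce what was asked */
    return rc;
}

int main(void)
{
    printf("255-byte body:  %d\n", try_body(255, 255));
    printf("256-byte body:  %d\n", try_body(256, 256));
    printf("4096-byte body: %d\n", try_body(4096, 4096));
    printf("short read:     %d\n", try_body(50, 200));
    return 0;
}
```
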