Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] ERRATA: [ GLSA 200405-25 ] tla: Multiple vulnerabilities in included libneon
Date: Wed, 02 Jun 2004 18:06:18
Message-Id: 40BE16D9.7000605@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]        GLSA 200405-25:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: tla: Multiple vulnerabilities in included libneon
      Date: June 2, 2004
      Bugs: #51586
        ID: 200405-25:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Errata
======

The fixed ebuild proposed in the original version of this Security
Advisory did not address all the vulnerabilities of the tla package.
All users of the tla package should upgrade to dev-util/tla-1.2-r2.
The corrected sections appear below.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /   Vulnerable   /                     Unaffected
    -------------------------------------------------------------------
  1  dev-util/tla        <= 1.2-r1                          >= 1.2-r2
     dev-util/tla        == 1.2.1_pre1                      >= 1.2-r2

Description
===========

Multiple format string vulnerabilities and a heap overflow
vulnerability were discovered in the code of the neon library (GLSA
200405-01 and 200405-13). Current versions of the tla package include
their own version of this library.

Resolution
==========

All users of tla should upgrade to the latest stable version:

    # emerge sync

    # emerge -pv ">=dev-util/tla-1.2-r2"
    # emerge ">=dev-util/tla-1.2-r2"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200405-25.xml

License
=======

Copyright 2004 Gentoo Technologies, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAvhbZvcL1obalX08RAjK1AKCRDB8GQ7OEplG5CyZhrMltMNDzBACfZhEs
U6ErjQqSEonelS5vE3aKy5I=
=EAkW
-----END PGP SIGNATURE-----
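
The "Affected packages" table of this advisory expressed as a version check; this is an added example, not part of the advisory and not Portage's own code. It uses a simplified model of Gentoo version ordering (numeric components, then `_pre`, then `-rN`), the helper names `parse`, `matches` and `status` are hypothetical, and it assumes an explicit Vulnerable entry takes precedence over the Unaffected range. It shows why the table lists 1.2.1_pre1 separately: that version sorts above 1.2-r2, so a bare `>= 1.2-r2` test would report it as fixed.

```python
import operator
import re

# Ranges copied from the advisory's "Affected packages" table for dev-util/tla.
VULNERABLE = [("<=", "1.2-r1"), ("==", "1.2.1_pre1")]
UNAFFECTED = [(">=", "1.2-r2")]

OPS = {"<=": operator.le, "==": operator.eq, ">=": operator.ge}

# Simplified grammar: N.N[.N...][_preN][-rN]. Other Gentoo suffixes
# (_alpha, _beta, _rc, _p, trailing letters) are rejected, not guessed at.
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:_pre(\d+))?(?:-r(\d+))?$")


def parse(version):
    """Return a sortable key for a version string in the simplified grammar."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    nums = tuple(int(part) for part in m.group(1).split("."))
    # A _pre suffix sorts before the plain release of the same number.
    suffix = (0, int(m.group(2))) if m.group(2) else (1, 0)
    revision = int(m.group(3) or 0)
    return (nums, suffix, revision)


def matches(version, atoms):
    """True if the version satisfies any (operator, bound) pair in atoms."""
    key = parse(version)
    return any(OPS[op](key, parse(bound)) for op, bound in atoms)


def status(version):
    """Classify an installed dev-util/tla version against the table."""
    # Assumption: an explicit Vulnerable match wins over the Unaffected range.
    if matches(version, VULNERABLE):
        return "vulnerable"
    if matches(version, UNAFFECTED):
        return "unaffected"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample versions, not taken from a real system.
    for v in ["1.1", "1.2", "1.2-r1", "1.2.1_pre1", "1.2-r2"]:
        overlap = matches(v, VULNERABLE) and matches(v, UNAFFECTED)
        note = " (also satisfies >= 1.2-r2)" if overlap else ""
        print(f"dev-util/tla-{v}: {status(v)}{note}")
```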