Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: gnocatan (200306-17)
Date: Sat, 28 Jun 2003 21:21:27
Message-Id: 20030628205102.623BF33745@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200306-17
6 - - - ---------------------------------------------------------------------
7
8           PACKAGE : gnocatan
9           SUMMARY : multiple buffer overflows and denial of service
10              DATE : 2003-06-28 20:50 UTC
11           EXPLOIT : remote
12 VERSIONS AFFECTED : <gnocatan-0.7.1-r3
13     FIXED VERSION : >=gnocatan-0.7.1-r3
14               CVE : CAN-2003-0433
15
16 - - - ---------------------------------------------------------------------
17
18 quote from Debian DSA 315-1:
19
20 "Bas Wijnen discovered that the gnocatan server is vulnerable to
21 several buffer overflows which could be exploited to execute arbitrary
22 code on the server system."
23
24 SOLUTION
25
26 It is recommended that all Gentoo Linux users who are running
27 app-games/gnocatan upgrade to gnocatan-0.7.1-r3 as follows
28
29 emerge sync
30 emerge gnocatan
31 emerge clean
32
33 - - - ---------------------------------------------------------------------
34 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
35 - - - ---------------------------------------------------------------------
36 -----BEGIN PGP SIGNATURE-----
37 Version: GnuPG v1.2.2 (GNU/Linux)
38
39 iD8DBQE+/f+1fT7nyhUpoZMRAvqqAJoCGt1wZ2rOuWXUfVu6XZ/haChrJACeNhQE
40 9gwYU/sKO+QFXdub2jqNtaE=
41 =nArH
42 -----END PGP SIGNATURE-----