Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: http-fetcher
Date: Tue, 07 Jan 2003 15:54:39
Message-Id: 20030107090522.172D65700@mail2.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - --------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200301-6
6 - - --------------------------------------------------------------------
7
8 PACKAGE : http-fetcher
9 SUMMARY : buffer overflow
10 DATE    : 2003-01-07 09:01 UTC
11 EXPLOIT : remote
12
13 - - --------------------------------------------------------------------
14
15 - From advisory:
16 "HTTP Fetcher library is exposed to very fatal buffer overflow.
17 And, It influences in other several programs."
18
19 Read the full advisory at
20 http://marc.theaimsgroup.com/?l=bugtraq&m=104187658217144&w=2
21
22 SOLUTION
23
24 It is recommended that all Gentoo Linux users who are running
25 net-www/http-fetcher-1.0.1 or earlier update their systems as
26 follows:
27
28 emerge rsync
29 emerge http-fetcher
30 emerge clean
31
32 - - --------------------------------------------------------------------
33 aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
34 mkennedy@g.o
35 - - --------------------------------------------------------------------
36 -----BEGIN PGP SIGNATURE-----
37 Version: GnuPG v1.2.1 (GNU/Linux)
38
39 iD8DBQE+GpibfT7nyhUpoZMRAtR8AJ95B0uA1G6/DC+T3VQN1u2LR97svgCfVUIY
40 w4ZxJhN0WS8KI+3dUPNoaqI=
41 =iWz0
42 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups