Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: kon2 (200306-07)
Date: Sat, 14 Jun 2003 16:44:14
Message-Id: 20030614164100.BF7D933797@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200306-07
6 - - - ---------------------------------------------------------------------
7
8           PACKAGE : kon2
9           SUMMARY : buffer overflow
10              DATE : 2003-06-14 16:40 UTC
11           EXPLOIT : local
12 VERSIONS AFFECTED : <kon2-0.3.9b-r1
13     FIXED VERSION : >=kon2-0.3.9b-r1
14               CVE : CAN-2002-1155
15
16 - - - ---------------------------------------------------------------------
17
18 Buffer overflow in kon2 allows local users to execute arbitrary code
19 via a long -Coding command line argument.
20
21 SOLUTION
22
23 It is recommended that all Gentoo Linux users who are running
24 app-i18n/kon2 upgrade to kon2-0.3.9b-r1 as follows
25
26 emerge sync
27 emerge kon2
28 emerge clean
29
30 - - - ---------------------------------------------------------------------
31 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
32 - - - ---------------------------------------------------------------------
33 -----BEGIN PGP SIGNATURE-----
34 Version: GnuPG v1.2.2 (GNU/Linux)
35
36 iD8DBQE+61AbfT7nyhUpoZMRAsVZAJ0V9pm48Bl+oSOOcCS0uYraOH4AQwCgtv2i
37 +v9EBbjKhijkHZRreqjTV8Y=
38 =ihG/
39 -----END PGP SIGNATURE-----