Gentoo Archives: gentoo-announce

From:	aliz@gentoo.org (Daniel Ahlberg)
To:	gentoo-announce@g.o, bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com
Subject:	[gentoo-announce] GLSA: atari800 (200309-07)
Date:	Tue, 02 Sep 2003 14:05:01
Message-Id:	`20030902140313.B97109FBB0@noc.internal.fairytale.se`

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	- - - ---------------------------------------------------------------------
5	GENTOO LINUX SECURITY ANNOUNCEMENT 200309-07
6	- - - ---------------------------------------------------------------------
7
8	PACKAGE : atari800
9	SUMMARY : buffer overflow
10	DATE : 2003-09-02 14:03 UTC
11	EXPLOIT : local
12	VERSIONS AFFECTED : <atari800-1.3.0-r1
13	FIXED VERSION : >=atari800-1.3.0-r1
14	CVE : CAN-2003-0630
15
16	- - - ---------------------------------------------------------------------
17
18	atar800 contains a buffer overflow which could be used by an attacker
19	to gain root privileges. Altough the atari800 package in Gentoo does not
20	install any files suid root we encourage our users to upgrade.
21
22	SOLUTION
23
24	It is recommended that all Gentoo Linux users who are running
25	app-emulation/atari800 upgrade to atari800-1.3.0-r1 as follows:
26
27	emerge sync
28	emerge atari800
29	emerge clean
30
31	- - - ---------------------------------------------------------------------
32	aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
33	- - - ---------------------------------------------------------------------
34	-----BEGIN PGP SIGNATURE-----
35	Version: GnuPG v1.2.3 (GNU/Linux)
36
37	iD8DBQE/VKMhfT7nyhUpoZMRAmR0AJ9PopV3XZygpzI4/GoxVTJevEZr4wCfSeRZ
38	HdaV5oJSNjQ7ahlvDHe2ZKo=
39	=cktf
40	-----END PGP SIGNATURE-----