Gentoo Archives: gentoo-announce

From: aliz@gentoo.org (Daniel Ahlberg)
To: gentoo-announce@g.o, bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com
Subject: [gentoo-announce] GLSA: mpg123 (200309-17)
Date: Tue, 30 Sep 2003 19:54:39
Message-Id: 20030930143204.01DAD9FB20@noc.internal.fairytale.se
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-17
- - - ---------------------------------------------------------------------

          PACKAGE : mpg123
          SUMMARY : buffer overflow
             DATE : 2003-09-30 14:32 UTC
          EXPLOIT : remote
     GENTOO BUG # : 26787
              CVE : CAN-2003-0577

- - - ---------------------------------------------------------------------

DESCRIPTION

mpg123 contains a heap based buffer overflow that would allow a remote
attacker to execute arbitrary code on the victim's machine.

SOLUTION

It is recommended that all Gentoo Linux users who are running
media-sound/mpg123 upgrade to a fixed version.

Make sure that the version to be installed is either one of
0.59r-r3 (stable) or 0.59s-r1 (masked).

emerge sync
emerge mpg123 -p
emerge mpg123
emerge clean


- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/eZPkfT7nyhUpoZMRAnwiAJ9PLTpDpa6cMaJekjdbX+b/QhqB0QCfTxhJ
aC2esvhlnUN1qSR9dPqjKv4=
=ggBo
-----END PGP SIGNATURE-----