Gentoo Archives: gentoo-dev

From: Rainer Groesslinger <scandium@g.o>
To: gentoo-dev@g.o
Subject: Re: [gentoo-dev] Security Problems: xmule, lmule
Date: Tue, 19 Aug 2003 23:08:27
Message-Id: 200308200108.34719.scandium@gentoo.org
In Reply to: [gentoo-dev] Security Problems: xmule, lmule by Patrick Lauer
1 On Wednesday 20 August 2003 00:47, Patrick Lauer wrote:
2 > Hi,
3 >
4 > yesterday I found this:
5 > http://www.heise.de/newsticker/data/dab-18.08.03-000/ (in german)
6 >
7 > http://lists.netsys.com/pipermail/full-disclosure/2003-August/008449.
8 >html (english)
9 >
10 > short summary:
11 > all emule, lmule and xmule versions are vulnerable to buffer
12 > overflows including execution of malicious code.
13 >
14 > xmule 1.4.3 (portage current) is very vulnerable.
15 > xmule 1.5.6 (latest from xmule website) does not fix all known
16 > vulnerabilities.
17 >
18 > Please discourage the use of lmule and xmule until fixed versions are
19 > available.
20
21 lmule was removed from the tree several weeks ago because it isn't
22 developed anymore and unsupported for a few months now.
23
24 The problem - indeed - is, that even their latest unstable release
25 (1.5.6a) doesn't fix the problem and I observe xmule sharply and am
26 waiting for a fixed release or at least a patch.
27
28 I added an einfo about the security hole in all the xmule ebuilds and I
29 hope they release 1.4.4 or something soon (which will immediatly be
30 arch of course)
31
32 --
33 Rainer Groesslinger
34 http://dev.gentoo.org/~scandium/

Replies

Subject Author
Re: [gentoo-dev] Security Problems: xmule, lmule Rainer Groesslinger <scandium@g.o>
Re: [gentoo-dev] Security Problems: xmule, lmule Patrick Lauer <gentoo@×××××××××××××.de>