Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||
Gentoo alert 200303-12 (qpopper)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-12 - - --------------------------------------------------------------------- PACKAGE : qpopper SUMMARY : buffer overflow DATE : 2003-03-17 09:50 UTC EXPLOIT : remote VERSIONS AFFECTED : <4.0.5 FIXED VERSION : >=4.0.5 CVE : CAN-2003-0143 - - --------------------------------------------------------------------- - From advisory: "Under certain conditions it is possible to execute arbitrary code using a buffer overflow in the recent qpopper. You need a valid username/password-combination and code is (depending on the setup) usually executed with the user's uid and gid mail." Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104739841223916&w=2 SOLUTION It is recommended that all Gentoo Linux users who are running net-mail/qpopper upgrade to qpopper-4.0.5 as follows: emerge sync emerge qpopper emerge clean - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+dZp5fT7nyhUpoZMRAq9XAJsFyPbrwFb1CcvL59jEKtAoymZzTwCeIw4Z p8IXHapfnjyZM1j7pcN+nW8= =OPDK -----END PGP SIGNATURE----- (Log in to post comments)
|
|||||||||||||