Package(s):	hylafax	CVE #(s):	CAN-2003-0886
Created:	November 10, 2003	Updated:	November 20, 2003
Description:	Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug can not be triggered in hylafax's default configuration. The "capi4hylafax" packages also need to be updated as a dependency where they are available. Upgrading to version 4.1.8 fixes the problem; see this advisory for details.
Alerts:	Gentoo 200311-03 net-misc/hylafax 2003-11-10 Debian DSA-401-1 hylafax 2003-11-17 Conectiva CLA-2003:783 hylafax 2003-11-12 Mandrake MDKSA-2003:105 hylafax 2003-11-11 SuSE SuSE-SA:2003:045 hylafax 2003-11-10

---

to post comments