Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Gentoo Linux Advisories: mpg123, teapop

Oct 01, 2003, 02:22 (0 Talkback[s])
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-17
PACKAGE : mpg123
SUMMARY : buffer overflow
DATE : 2003-09-30 14:32 UTC
EXPLOIT : remote
GENTOO BUG # : 26787
CVE : CAN-2003-0577

DESCRIPTION

mpg123 contains a heap based buffer overflow that would allow an remote attacker to execute arbitrary code on the victims machine.

SOLUTION

it is recommended that all Gentoo Linux users who are running media-sound/mpg123 upgrade to a fixed version.

make sure that the version to be installed is either one of 0.59r-r3 (stable) or 0.59s-r1 (masked).

emerge sync
emerge mpg123 -p
emerge mpg123
emerge clean

aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-18
PACKAGE : teapop
SUMMARY : sql injection
DATE : 2003-09-30 20:52 UTC
EXPLOIT : remote
GENTOO BUG # : 26730
CVE : CAN-2003-0515

DESCRIPTION

teapop suffers from a sql injection in the postgresql and mysql authentication module.

SOLUTION

it is recommended that all Gentoo Linux users who are running net-mail/teapop upgrade to a fixed version.

make sure that the version to be installed is atleast 0.3.7.

emerge sync
emerge teapop -p
emerge teapop
emerge clean

aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz