Linux Today: Linux News On Internet Time.

Gentoo Linux Advisories: hylafax, opera

Nov 21, 2003, 15:56

GENTOO LINUX SECURITY ANNOUNCEMENT 200311-03
GLSA: 200311-03
package: net-misc/hylafax
summary: Remote code exploit in hylafax
severity: normal
Gentoo bug: 33368
date: 2003-11-10
CVE: CAN-2003-0886
exploit: remote
affected: <=4.1.7
fixed: >=4.1.8

DESCRIPTION:

During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default hylafax configuration.

SuSE-SA:2003:045 outlines the problem, and is available at http://lwn.net/Articles/57562/

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. Vulnerable versions of hylafax have been removed from portage. Specific steps to upgrade:

emerge --sync
emerge '>=net-misc/hylafax-4.1.8'
emerge clean


GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02
GLSA: 200311-02
package: net-www/opera
summary: Buffer overflows in Opera 7.11 and 7.20
severity: high
Gentoo bug: 31775
date: 2003-11-19
CVE: CAN-2003-0870
exploit: local / remote
affected: =7.11
affected: =7.20
fixed: >=7.21

DESCRIPTION:

The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site.

Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for further details.

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. Opera 7.22 is recommended as Opera 7.21 is vulnerable to other security flaws. Specific steps to upgrade:

emerge --sync
emerge '>=net-www/opera-7.22'
emerge clean
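
An added example (not part of the advisories or of Gentoo's tooling) that parses the `affected:` / `fixed:` header fields shown above and classifies an installed version. The function names and the simplified dotted-numeric version comparison are assumptions of this example; the sample text is constructed from the header fields on this page.

```python
import operator
import re

# Constructed sample: header fields copied from the two advisories on this page.
GLSA_TEXT = """\
GLSA: 200311-03
package: net-misc/hylafax
affected: <=4.1.7
fixed: >=4.1.8
GLSA: 200311-02
package: net-www/opera
affected: =7.11
affected: =7.20
fixed: >=7.21
"""

# Only the comparison operators that appear in these advisories.
OPS = {"<=": operator.le, ">=": operator.ge, "=": operator.eq}
ATOM = re.compile(r"(<=|>=|=)\s*(\d+(?:\.\d+)*)")

def vkey(version):
    # Assumption: plain dotted numeric versions; Gentoo suffixes (_rc1, -r2) are not handled.
    return tuple(int(part) for part in version.split("."))

def parse_glsa(text):
    """Map package name -> {'id', 'affected', 'fixed'} from GLSA header lines."""
    advisories, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep:
            continue  # banner or prose line without a "key: value" shape
        if key == "GLSA":
            current = {"id": value, "affected": [], "fixed": []}
        elif current is not None and key == "package":
            advisories[value] = current
        elif current is not None and key in ("affected", "fixed"):
            match = ATOM.fullmatch(value)
            if match:
                current[key].append(match.groups())
    return advisories

def status(advisories, package, installed):
    """Return 'affected', 'fixed', 'unlisted' or 'no advisory' for an installed version."""
    adv = advisories.get(package)
    if adv is None:
        return "no advisory"
    for label in ("affected", "fixed"):  # affected ranges take precedence
        if any(OPS[op](vkey(installed), vkey(ver)) for op, ver in adv[label]):
            return label
    return "unlisted"
```

Note that Opera 7.21 classifies as "fixed" from the header fields alone, while the advisory text recommends 7.22, and a version such as 7.12 falls in neither range, so header parsing does not replace reading the SOLUTION section.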