Gentoo Linux Advisories: hylafax, opera

Nov 21, 2003, 15:56 (0 Talkback[s])

GENTOO LINUX SECURITY ANNOUNCEMENT 200311-03

GLSA:	200311-03
package:	net-misc/hylafax
summary:	Remote code exploit in hylafax
severity:	normal
Gentoo bug:	33368
date:	2003-11-10
CVE:	CAN-2003-0886
exploit:	remote
affected:	<=4.1.7
fixed:	>=4.1.8

DESCRIPTION:

During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default hylafax configuration.

SuSE-SA:2003:045 outlines the problem, and is available at http://lwn.net/Articles/57562/

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. Vulnerable versions of hylafax have been removed from portage. Specific steps to upgrade:

emerge --sync
emerge '>=net-misc/hylafax-4.1.8'
emerge clean

GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02

GLSA:	200311-02
package:	net-www/opera
summary:	Buffer overflows in Opera 7.11 and 7.20
severity:	high
Gentoo bug:	31775
date:	2003-11-19
CVE:	CAN-2003-0870
exploit:	local / remote
affected:	=7.11
affected:	=7.20
fixed:	>=7.21

DESCRIPTION:

The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site.

Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for further details.

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. Opera 7.22 is recommended as Opera 7.21 is vulnerable to other security flaws. Specific steps to upgrade:

emerge --sync
emerge '>=net-www/opera-7.22'
emerge clean

Top White Papers

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Gentoo Linux Advisories: hylafax, opera