Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Gentoo Linux Advisory: tla

Jun 03, 2004, 13:44 (0 Talkback[s])

Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200405-25:02

http://security.gentoo.org/


Severity: Normal
Title: tla: Multiple vulnerabilities in included libneon
Date: June 2, 2004
Bugs: #51586
ID: 200405-25:02


Errata

The fixed ebuild proposed in the original version of this Security Advisory did not address all the vulnerabilities of the tla package. All users of the tla package should upgrade to dev-util/tla-1.2-r2. The corrected sections appear below.

Affected packages


Package Vulnerable Unaffected
1 dev-util/tla <= 1.2-r1 >= 1.2-r2
dev-util/tla == 1.2.1_pre1 >= 1.2-r2

Description

Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library (GLSA 200405-01 and 200405-13). Current versions of the tla package include their own version of this library.

Resolution

All users of tla should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=dev-util/tla-1.2-r2"
    # emerge ">=dev-util/tla-1.2-r2"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200405-25.xml

License

Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0