Gentoo Linux Advisories: hylafax, opera
Nov 21, 2003, 15:56
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-03
During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default hylafax configuration.
SuSE-SA:2003:045 outlines the problem, and is available at http://lwn.net/Articles/57562/
Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. Vulnerable versions of hylafax have been removed from portage. Specific steps to upgrade:
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02
The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site.
Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for further details.
Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. Opera 7.22 is recommended as Opera 7.21 is vulnerable to other security flaws. Specific steps to upgrade: