GENTOO LINUX SECURITY ANNOUNCEMENT 200311-03
| GLSA: | 200311-03 |
| package: | net-misc/hylafax |
| summary: | Remote code exploit in hylafax |
| severity: | normal |
| Gentoo bug: | 33368 |
| date: | 2003-11-10 |
| CVE: | CAN-2003-0886 |
| exploit: | remote |
| affected: | <=4.1.7 |
| fixed: | >=4.1.8 |
DESCRIPTION:
During a code review of the hfaxd server, the SuSE Security Team
discovered a format bug condition that allows a remote attacker to
execute arbitrary code as the root user. However, the bug cannot be
triggered in the default hylafax configuration.
SuSE-SA:2003:045 outlines the problem, and is available at
http://lwn.net/Articles/57562/
SOLUTION:
Users are encouraged to perform an ’emerge –sync’ and upgrade
the package to the latest available version. Vulnerable versions of
hylafax have been removed from portage. Specific steps to
upgrade:
emerge –sync
emerge ‘>=net-misc/hylafax-4.1.8’
emerge clean
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02
| GLSA: | 200311-02 |
| package: | net-www/opera |
| summary: | Buffer overflows in Opera 7.11 and 7.20 |
| severity: | high |
| Gentoo bug: | 31775 |
| date: | 2003-11-19 |
| CVE: | CAN-2003-0870 |
| exploit: | local / remote |
| affected: | =7.11 |
| affected: | =7.20 |
| fixed: | >=7.21 |
DESCRIPTION:
The Opera browser can cause a buffer allocated on the heap to
overflow under certain HREFs when rendering HTML. The mail system
is also deemed vulnerable and an attacker can send an email
containing a malformed HREF, or plant the malicious HREF on a web
site.
Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt
for further details.
SOLUTION:
Users are encouraged to perform an ’emerge –sync’ and upgrade
the package to the latest available version. Opera 7.22 is
recommended as Opera 7.21 is vulnerable to other security flaws.
Specific steps to upgrade:
emerge –sync
emerge ‘>=net-www/opera-7.22’
emerge clean