---

Gentoo Linux Advisories: hylafax, opera


GENTOO LINUX SECURITY ANNOUNCEMENT 200311-03


GLSA: 200311-03
package: net-misc/hylafax
summary: Remote code exploit in hylafax
severity: normal
Gentoo bug: 33368
date: 2003-11-10
CVE: CAN-2003-0886
exploit: remote
affected: <=4.1.7
fixed: >=4.1.8

DESCRIPTION:

During a code review of the hfaxd server, the SuSE Security Team
discovered a format bug condition that allows a remote attacker to
execute arbitrary code as the root user. However, the bug cannot be
triggered in the default hylafax configuration.

SuSE-SA:2003:045 outlines the problem, and is available at
http://lwn.net/Articles/57562/

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade
the package to the latest available version. Vulnerable versions of
hylafax have been removed from portage. Specific steps to
upgrade:

emerge --sync
emerge '>=net-misc/hylafax-4.1.8'
emerge clean


GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02


GLSA: 200311-02
package: net-www/opera
summary: Buffer overflows in Opera 7.11 and 7.20
severity: high
Gentoo bug: 31775
date: 2003-11-19
CVE: CAN-2003-0870
exploit: local / remote
affected: =7.11
affected: =7.20
fixed: >=7.21

DESCRIPTION:

The Opera browser can cause a buffer allocated on the heap to
overflow under certain HREFs when rendering HTML. The mail system
is also deemed vulnerable and an attacker can send an email
containing a malformed HREF, or plant the malicious HREF on a web
site.

Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt
for further details.

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade
the package to the latest available version. Opera 7.22 is
recommended as Opera 7.21 is vulnerable to other security flaws.
Specific steps to upgrade:

emerge --sync
emerge '>=net-www/opera-7.22'
emerge clean
