GENTOO LINUX SECURITY ANNOUNCEMENT 200309-17
| PACKAGE | : | mpg123 |
| SUMMARY | : | buffer overflow |
| DATE | : | 2003-09-30 14:32 UTC |
| EXPLOIT | : | remote |
| GENTOO BUG # | : | 26787 |
| CVE | : | CAN-2003-0577 |
DESCRIPTION
mpg123 contains a heap based buffer overflow that would allow an
remote attacker to execute arbitrary code on the victims
machine.
SOLUTION
it is recommended that all Gentoo Linux users who are running
media-sound/mpg123 upgrade to a fixed version.
make sure that the version to be installed is either one of
0.59r-r3 (stable) or 0.59s-r1 (masked).
emerge sync
emerge mpg123 -p
emerge mpg123
emerge clean
[email protected] – GnuPG key is
available at http://dev.gentoo.org/~aliz
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-18
| PACKAGE | : | teapop |
| SUMMARY | : | sql injection |
| DATE | : | 2003-09-30 20:52 UTC |
| EXPLOIT | : | remote |
| GENTOO BUG # | : | 26730 |
| CVE | : | CAN-2003-0515 |
DESCRIPTION
teapop suffers from a sql injection in the postgresql and mysql
authentication module.
SOLUTION
it is recommended that all Gentoo Linux users who are running
net-mail/teapop upgrade to a fixed version.
make sure that the version to be installed is atleast 0.3.7.
emerge sync
emerge teapop -p
emerge teapop
emerge clean
[email protected] – GnuPG key is
available at http://dev.gentoo.org/~aliz