- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-1
- - --------------------------------------------------------------------
PACKAGE : xpdf
SUMMARY : integer overflow
DATE : 2003-01-02 10:01 UTC
EXPLOIT : local and remote
- - --------------------------------------------------------------------
- From iDEFENSE advisory:
"The pdftops filter in the Xpdf and CUPS packages contains an integer
overflow that can be exploited to gain the privileges of the target user
or in some cases the increased privileges of the 'lp' user if installed
setuid. There are multiple ways of exploiting this vulnerability."
Read the full advisory at
http://www.idefense.com/advisory/12.23.02.txt
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-text/xpdf-1.01-r1 or earlier update their systems as
follows:
emerge rsync
emerge xpdf
emerge clean
- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-2
- - --------------------------------------------------------------------
PACKAGE : leafnode
SUMMARY : denial of service
DATE : 2003-01-02 11:01 UTC
EXPLOIT : local and remote
- - --------------------------------------------------------------------
- From leafnode advisory:
"This vulnerability can make leafnode's nntpd server, named leafnode, go
into an unterminated loop when a particular article is requested. The
connection becomes irresponsive, and the server hogs the CPU. The client
will have to terminate the connection and connect again, and may fall
prey to the same problem; ultimately, there may be so many leafnode
processes hogging the CPU that no serious work is possible any more and
the super user has to kill all running leafnode processes."
Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=104127108823436&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
new-news/leafnode-1.9.24 or earlier update their systems as
follows:
emerge rsync
emerge leafnode
emerge clean
- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.