---

Home Security

Gentoo Linux Advisories: xpdf, leafnode

By 

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-1
- - --------------------------------------------------------------------

PACKAGE : xpdf
SUMMARY : integer overflow
DATE    : 2003-01-02 10:01 UTC
EXPLOIT : local and remote

- - --------------------------------------------------------------------

- From iDEFENSE advisory:

"The pdftops filter in the Xpdf and CUPS packages contains an integer 
overflow that can be exploited to gain the privileges of the target user 
or in some cases the increased privileges of the 'lp' user if installed 
setuid. There are multiple ways of exploiting this vulnerability."

Read the full advisory at
http://www.idefense.com/advisory/12.23.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/xpdf-1.01-r1 or earlier update their systems as 
follows:

emerge rsync
emerge xpdf
emerge clean

- - --------------------------------------------------------------------
[email protected] - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------


- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-2
- - --------------------------------------------------------------------

PACKAGE : leafnode
SUMMARY : denial of service
DATE    : 2003-01-02 11:01 UTC
EXPLOIT : local and remote

- - --------------------------------------------------------------------

- From leafnode advisory:

"This vulnerability can make leafnode's nntpd server, named leafnode, go
into an unterminated loop when a particular article is requested. The
connection becomes irresponsive, and the server hogs the CPU. The client
will have to terminate the connection and connect again, and may fall
prey to the same problem; ultimately, there may be so many leafnode
processes hogging the CPU that no serious work is possible any more and
the super user has to kill all running leafnode processes."

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=104127108823436&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
new-news/leafnode-1.9.24 or earlier update their systems as 
follows:

emerge rsync
emerge leafnode
emerge clean

- - --------------------------------------------------------------------
[email protected] - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.