pilla Bodhisattva
Joined: 07 Aug 2002 Posts: 7729 Location: Underworld
|
Posted: Fri Jul 11, 2003 5:56 pm Post subject: [gentoo-security] GLSA: ypserv (200307-04) |
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-04
- - - ---------------------------------------------------------------------
PACKAGE : ypserv
SUMMARY : denial of service
DATE : 2003-07-11 14:27 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <ypserv-2.8
FIXED VERSION : >=ypserv-2.8
CVE : CAN-2003-0251
- - - ---------------------------------------------------------------------
quote from CVE:
"ypserv NIS server before 2.7 allows remote attackers to cause a denial
of service via a TCP client request that does not respond to the server,
which causes ypserv to block."
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-nds/ypserv upgrade to ypserv-2.8 as follows
emerge sync
emerge ypserv
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/DslAfT7nyhUpoZMRAlifAKCJuEv32S1Tsb5ErNVsfHrkxcmIuACfa8Fo
avi3km4Y6pngjxw9QCPcSHs=
=o3G/
-----END PGP SIGNATURE----- _________________ "I'm just very selective about the reality I choose to accept." -- Calvin |
|