
Re: Buffer overflow in ulogd, improper string length calculations (CVE-2007-0460)



On Tue, Jan 30, 2007 at 02:36:23AM +0200, Achilleas Kotsis wrote:
> Hello,
> 
> according to CVE-2007-0460, ulogd is prone to several vulnerabilities
> due to improper string length calculations. ulogd is running as root,
> and the vulnerability is thought to be remotely exploitable, so I guess
> this is serious...
> 
> As a package maintainer, I have uploaded a new package in unstable
> (1.23-6) just fixing these problems using a slightly adjusted patch from
> SuSE, that could also be used in testing (1.23-5), if unblocked by the
> Release Management team.
> 

Confirmed fixed in 1.23-6. I can't check the diff yet, as merkel hasn't
picked up that it's there. I'll be tracking it though :)

Neil
-- 
<h01ger> I miss a computer physically... I can ping it, but don't know where 
	it is...
