
proto-security advisory for analog (security team, please take note)

Here is a proto-advisory for the analog hole. I have just uploaded fixed
packages for stable and unstable. I'd appreciate it if the security team
could get an advisory out for this.


Package: analog
Vulnerability: remote buffer overflow
Debian-specific: no

The version of analog in Debian 2.2 (potato) was discovered by its
author to be vulnerable to buffer overflow. The buffer overflow
is exploitable remotely via analog's CGI interface, and may be
exploitable via other avenues such as DNS poisoning.

The vulnerability has been corrected in analog 4.01-1potato1.
No exploits are known to exist at this time, but we recommend you
upgrade your analog package immediately.


see shy jo, keeping his stable chroot around for the next security hole
            -- nextaw. Sigh.
