TITLE: Pavuk Multiple Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA13120 VERIFY ADVISORY: http://secunia.com/advisories/13120/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Pavuk 0.x http://secunia.com/product/3633/ DESCRIPTION: Multiple vulnerabilities have been reported in Pavuk, which can be exploited by malicious people to compromise a vulnerable system. 1) Some boundary errors within the digest authentication handler can be exploited via malicious digest authentication challenges with specially crafted nonce or realm values. For more information: SA12152 2) A boundary error within the processing HTTP header information can be exploited to cause a stack-based buffer overflow. For more information: SA11975 3) Some other unspecified boundary errors can be exploited to cause buffer overflows. SOLUTION: Update to version 0.9.31. http://sourceforge.net/project/showfiles.php?group_id=81012 PROVIDED AND/OR DISCOVERED BY: 1) Matthew Murphy 2) Ulf Harnhammar 3) Reported by vendor OTHER REFERENCES: SA12152: http://secunia.com/advisories/12152/ SA11975: http://secunia.com/advisories/11975/
Daniel, please bump to 0.9.31, thanks!
Working on it..didn't even realise there were newer versions available on the sourceforge project page!
0.9.31 in portage. Sorry it took so long, it wouldn't compile with gtk support. I spent a while trying to fix it so that it would compile, but after that its definately not working properly. Disabled this for now. Should I mark the new ebuild stable?
sparc please mark pavuk-0.9.31 stable.
Stable on sparc.
Looks like ppc wasn't called to mark stable... ppc, please mark 0.9.31 stable
stable on ppc
GLSA 200411-19