80267 2005-01-31 16:12 0000 net-misc/dante: FD_SET Overflow Vulnerability 2009-07-13 22:35:17 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All All RESOLVED FIXED http://www.inet.no/dante/announce-1.1.15 C3 [noglsa] lewk P2 minor --- 1 lewk@gentoo.org security@gentoo.org agriffis@gentoo.org kaiowas@gentoo.org lewk@gentoo.org 2005-01-31 16:12:27 0000 TITLE: Dante FD_SET Overflow Vulnerability SECUNIA ADVISORY ID: SA14071 VERIFY ADVISORY: http://secunia.com/advisories/14071/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Dante 1.x http://secunia.com/product/4583/ DESCRIPTION: 3APA3A has reported a vulnerability in Dante, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a missing boundary check when doing "FD_SET()" operations. This can be exploited to cause a buffer overflow in certain configurations by establishing multiple concurrent connections. The vulnerability has been reported in version 1.1. Other versions may also be affected. SOLUTION: Update to version 1.1.15. http://www.inet.no/dante/ PROVIDED AND/OR DISCOVERED BY: 3APA3A ORIGINAL ADVISORY: Inferno Nettverk: http://www.inet.no/dante/advisory-2005-01-28 3APA3A: http://www.security.nnov.ru/advisories/sockets.asp lewk@gentoo.org 2005-01-31 16:14:44 0000 agriffis, there is no metadata for this package, and you were the last one to bump it, so please update bump to 1.1.15 kaiowas@gentoo.org 2005-02-02 23:39:40 0000 version bumped. please test and mark stable for your arch corsair@gentoo.org 2005-02-03 04:09:19 0000 just works. stable on ppc64 gustavoz@gentoo.org 2005-02-03 05:53:58 0000 sparc good. tester@gentoo.org 2005-02-03 09:18:40 0000 x86 stable kloeri@gentoo.org 2005-02-04 13:03:57 0000 Stable on alpha. hansmi@gentoo.org 2005-02-04 14:05:10 0000 Sorry for the delay. Stable on ppc. luckyduck@gentoo.org 2005-02-04 15:22:05 0000 stable on amd64 vapier@gentoo.org 2005-02-06 02:43:35 0000 arm/hppa/ia64/s390 stable koon@gentoo.org 2005-02-06 09:21:30 0000 Please vote: only very specific conf affected -> NO ? jaervosz@gentoo.org 2005-02-06 11:16:02 0000 I vote for no GLSA here as well. Lewk? lewk@gentoo.org 2005-02-07 05:29:24 0000 Closing without GLSA. hardave@gentoo.org 2005-02-17 23:40:40 0000 Stable on mips.