Bug 89861 - app-crypt/heimdal: telnet vulnerabilities (CAN-2005-0469)
|
Bug#:
89861
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: All
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: vorlon@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
http://www.pdc.kth.se/heimdal/advisory/2005-04-20/
|
|
Summary: app-crypt/heimdal: telnet vulnerabilities (CAN-2005-0469)
|
|
Keywords:
|
|
Status Whiteboard: B2 [glsa] jaervosz
|
|
Opened: 2005-04-20 13:22 0000
|
2005-04-20: telnet vulnerabilities
The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.
0.6.4 fixes this problem.
The only workaround for this bug is to not use the telnet client.
See also CAN-2005-0469
I pinged seemant on that one... he'll have a look.
it'll be in portage in about 30 minutes, sorry for the delay, everyone.
bumped to 0.6.4 in portage, and stabled on amd64. I will also test and stable
on x86, but the rest of the arch teams need to do it respectively.
stable on x86 -- hppa and sparc still outstanding
