Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 191479 - net-libs/librpcsecgss < 0.16 Buffer Overflow (CVE-2007-3999)
Summary: net-libs/librpcsecgss < 0.16 Buffer Overflow (CVE-2007-3999)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major
Assignee: Gentoo Security
URL: http://secunia.com/advisories/26705/
Whiteboard: B0/1? [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-06 10:47 UTC by Matt Fleming (RETIRED)
Modified: 2020-04-03 06:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Fleming (RETIRED) gentoo-dev 2007-09-06 10:47:47 UTC 
A vulnerability has been reported in librpcsecgss, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is reported in versions prior to 0.15. For further information see bug #191301
Comment 1 Matt Fleming (RETIRED) gentoo-dev 2007-09-06 10:49:47 UTC 
CC'ing herd and setting whiteboard status.
Comment 2 SpanKY gentoo-dev 2007-09-06 17:14:01 UTC 
librpcsecgss-0.15 now in the tree
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-07 11:47:18 UTC 
thanks mike.
Arches, please test and mark stable net-libs/librpcsecgss-0.16.
Target keywords are: "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2007-09-07 15:04:06 UTC 
Marked stable for HPPA:
  =net-libs/libgssglue-0.1
  =net-libs/librpcsecgss-0.16
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-07 17:58:17 UTC 
ppc stable
Comment 6 Steve Dibb (RETIRED) gentoo-dev 2007-09-08 00:54:47 UTC 
amd64 stable
Comment 7 Markus Meier gentoo-dev 2007-09-08 12:43:50 UTC 
net-libs/libgssglue-0.1 causes a collision on my system, see bug 191561. this happens with app-crypt/libgssapi-0.10 and app-crypt/libgssapi-0.11.
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-09 12:12:48 UTC 
x86 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2007-09-09 15:34:41 UTC 
alpha/ia64 stable
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2007-09-09 16:19:39 UTC 
ppc64 stable
Comment 11 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2007-09-13 08:36:26 UTC 
sparc stable
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-04 22:01:02 UTC 
GLSA 200710-01