A vulnerability has been reported in Samhain, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an input validation error in the implementation of the SRP authentication protocol. This can be exploited to bypass authentication on a Samhain server and e.g. disclose potentially sensitive information.

The vulnerability is reported in Samhain server in versions prior to 2.5.4.

SOLUTION:
Update to version 2.5.4.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Thomas Ptacek.

ORIGINAL ADVISORY:
http://trac.la-samhna.de/samhain/ticket/150

*samhain-2.5.4 (29 Mar 2009)

  29 Mar 2009; Patrick Lauer <patrick@gentoo.org> +samhain-2.5.4.ebuild:
  Bump to 2.5.4, adding ~amd64 keywords. Needs more testing/cleanup. Needed
  for #261506

New version in the tree.

thanks, closing.