Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 33649 Details for
Bug 54452
<=net-p2p/gift-fasttrack-0.8.6 remotely crashable
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
gift-fasttrack GLSA
gift-fasttrack-glsa (text/plain), 2.00 KB, created by
Jon Hood (RETIRED)
on 2004-06-20 10:49:01 UTC
(
hide
)
Description:
gift-fasttrack GLSA
Filename:
MIME Type:
Creator:
Jon Hood (RETIRED)
Created:
2004-06-20 10:49:01 UTC
Size:
2.00 KB
patch
obsolete
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >Gentoo Linux Security Advisory GLSA 200406-19 >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > http://security.gentoo.org/ >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Severity: Minor > Title: gift-fasttrack: remote denial of service attack > Date: June 19, 2004 > Bugs: #54452 > ID: 200406-19 > >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >Synopsis >======== > >There is a vulnerability where a carefully crafted signals sent to the >gift-fasttrack plugin will cause the giFT daemon to crash. > >Background >========== > >gift-fasttrack is a plugin for the giFT file-sharing application. It >allows giFT users to connect to the fasttrack network to share files. > >Affected packages >================= > > ------------------------------------------------------------------- > Package / Vulnerable / Unaffected > ------------------------------------------------------------------- > 1 net-p2p/gift-fasttrack <= 0.8.6 >= 0.8.7 > >Description >=========== > >[from http://gift-fasttrack.berlios.de/] >A remote denial of service attack has been discovered in version 0.8.6 >and prior. Even though no code execution is possible it is recommended >that you update to 0.8.7 as soon as possible. Thanks to Alan F [2] for >bringing this to our attention. > >Impact >====== > >Attackers may crash the giFT daemon on a vulnerable system. There is >no risk of code execution. > >Workaround >========== > >There is no known workaround at this time. All users are encouraged to >upgrade to the latest available version. > >Resolution >========== > >All users should upgrade to the latest available version of Gallery. > > # emerge sync > > # emerge -pv ">=net-p2p/gift-fasttrack-0.8.7" > # emerge ">=net-p2p/gift-fasttrack-0.8.7" > >References >========== > > [ 1 ] giFT-FastTrack announcement > >http://gift-fasttrack.berlios.de/ > > [ 2 ] Alan Fitton > ><alan@ajfuk.net>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 54452
:
33649
|
33650