During a code review of the hfaxd server, part of the hylafax package, the SuSE
Security Team discovered a format bug condition that allows remote attackers to
execute arbitrary code as the root user. Updated packages have been patched to
correct the problem.
This is updated in portage now?
The 4.1.8 release of Hylafax is the official fixed package from ftp.hylafax.org (but I guess the SuSE and Mandrake folks fixed older versions to match their stable packages).
Maybe that makes more sense...
*** Bug 33233 has been marked as a duplicate of this bug. ***
I guess they don't archive the Announce list, which is why I couldn't find the official announcement in the User list... Here it is:
OK, this GLSA seems to be online as:
But it has not been sent?
changing resolution to FIXED