Bug 33368 - Updated hylafax 4.1.8 package fixes remote root vulnerability
Summary: Updated hylafax 4.1.8 package fixes remote root vulnerability
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
Keywords: SECURITY
Duplicates: 33233
Depends on:
Reported: 2003-11-12 23:31 UTC by Steve Arnold
Modified: 2003-12-10 15:05 UTC

See Also:
Package list:
Runtime testing required: ---


Description Steve Arnold gentoo-dev 2003-11-12 23:31:17 UTC
During a code review of the hfaxd server, part of the hylafax package, the SuSE
Security Team discovered a format bug condition that allows remote attackers to
execute arbitrary code as the root user. Updated packages have been patched to
correct the problem.

Reproducible: Always
Steps to Reproduce:
Comment 1 solar (RETIRED) gentoo-dev 2003-11-13 14:51:21 UTC
This is updated in portage now? 

Comment 2 Steve Arnold gentoo-dev 2003-11-13 16:26:50 UTC
The 4.1.8 release of Hylafax is the official fixed package from (but I guess the SuSE and Mandrake folks fixed older versions to match their stable packages).
Comment 3 Steve Arnold gentoo-dev 2003-11-13 17:27:15 UTC
Maybe that makes more sense...
Comment 4 solar (RETIRED) gentoo-dev 2003-11-14 00:14:31 UTC
*** Bug 33233 has been marked as a duplicate of this bug. ***
Comment 5 Steve Arnold gentoo-dev 2003-11-14 23:14:09 UTC
I guess they don't archive the Announce list, which is why I couldn't find the official announcement in the User list...  Here it is:
Comment 6 Daniel Robbins (RETIRED) gentoo-dev 2003-11-19 14:00:18 UTC
OK, this GLSA seems to be online as:


But it has not been sent?
Comment 7 solar (RETIRED) gentoo-dev 2003-12-10 15:05:03 UTC
changing resolution to FIXED