"Lead to unexpected behavior?" That is definitely not the candor and honesty the world expects from what may be the leading Linux distribution, or any open source project. It reeks of proprietary vendor risk whitewashing. Either you don't understand the problem effectively, which is bad, or you are attempting to hide it, which is also bad.
Dave Aitel
Immunity, Inc.
[EMAIL PROTECTED] wrote:
| - --------------------------------------------------------------------------
| Debian Security Advisory DSA 504-1                     [EMAIL PROTECTED]
| http://www.debian.org/security/                             Martin Schulze
| May 18th, 2004                          http://www.debian.org/security/faq
| - --------------------------------------------------------------------------
|
| Package        : heimdal
| Vulnerability  : missing input sanitising
| Problem-Type   : remote
| Debian-specific: no
| CVE ID         : CAN-2004-0472
|
| Evgeny Demidov discovered a potential buffer overflow in a Kerberos
| 4 component of heimdal, a free implementation of Kerberos 5. The
| problem is present in kadmind, a server for administrative access
| to the Kerberos database. This problem could perhaps be exploited
| to cause the daemon to read a negative amount of data which could
| lead to unexpected behaviour.
|
| For the stable distribution (woody) this problem has been fixed in
| version 0.4e-7.woody.9.
|
| For the unstable distribution (sid) this problem has been fixed in
| version 0.6.2-1.
|
| We recommend that you upgrade your heimdal and related packages.
|
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
