OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 28-Nov-2003 12:56:11
Branch: HEAD Handle: 2003112811561100
Modified files:
openpkg-web/security OpenPKG-SA-2003.050-screen.txt
Log:
final polishing and signing
Summary:
Revision Changes Path
1.2 +16 -6 openpkg-web/security/OpenPKG-SA-2003.050-screen.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.050-screen.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.050-screen.txt
--- openpkg-web/security/OpenPKG-SA-2003.050-screen.txt 28 Nov 2003 11:21:06
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2003.050-screen.txt 28 Nov 2003 11:56:11
-0000 1.2
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
@@ -18,12 +21,12 @@
Dependent Packages: none
Description:
- According to a posting on Bugtraq [1], Timo Sirainen fixed a buffer
- overflow bug which allows privilege escalation in the Virtual Screen
- Manager "screen" [2], whose executable is installed setuid-root. It
- also has some potential for attackers getting control of another
- user's screen. Transfer of approximately two gigabytes of data is
- required to exploit this vulnerability.
+ Timo Sirainen reported and fixed [1] a buffer overflow bug which
+ allows privilege escalation in the Virtual Screen Manager GNU screen
+ [2], whose executable is installed setuid-root. It also has some
+ potential for attackers getting control of another user's screen.
+ Transfer of approximately two gigabytes of data is required to exploit
+ this vulnerability.
Please check whether you are affected by running "<prefix>/bin/rpm -q
screen". If you have the "screen" package installed and its version
@@ -69,3 +72,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE/xzdegHWT4GPEy58RAsiFAJ9SdpiGcqdkGM7N3CAs7DcXz1XKnQCePeyh
+gVxYO/LqYBpzsrGNEkY3omc=
+=Yp8p
+-----END PGP SIGNATURE-----
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
