On Mon, 26 May 2008 13:37:48 +0100 Steve Kemp <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - > ------------------------------------------------------------------------ > Debian Security Advisory DSA-1587-1 > [EMAIL PROTECTED] > http://www.debian.org/security/ Steve > Kemp May 26, 2008 > http://www.debian.org/security/faq > - > ------------------------------------------------------------------------ > > Package : mtr > Vulnerability : buffer overflow > Problem type : remote > Debian-specific: no > CVE Id(s) : CVE-2008-2357 > > Adam Zabrocki discovered that under certain circumstances mtr, a full > screen ncurses and X11 traceroute tool, could be tricked into > executing arbitrary code via overly long reverse DNS records. > > For the stable distribution (etch), this problem has been fixed in > version 0.71-2etch1. > > For the unstable distribution (sid), this problem has been fixed in > version 0.73-1. > > We recommend that you upgrade your mtr package. mtr-tiny in Etch is still vulnerable? (0.71-2) -- Pozdrawiam, Tomek - www http://www.urug.net http://urug.gnu.pl - GnuPG KeyID: 0x70F9CEDD @ pgp.mit.edu Fingerprint: 7CD2 C47F CBD7 D15D 2D91 0E89 ADD7 CD4F 70F9 CEDD -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]