Launchpad has imported 13 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=372021.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://hel
This bug was fixed in the package silc-toolkit - 1.1.5-1ubuntu1
---
silc-toolkit (1.1.5-1ubuntu1) hardy; urgency=low
* SECURITY UPDATE: arbitrary code execution and denial of service via buffer
overflow.
- lib/silcutil/silcutil.c: Check the length of the fingerprint. Patch f
** Changed in: silc-toolkit (Fedora)
Status: Unknown => Fix Released
--
[CVE-2008-1227] Stack-based buffer overflow causes DoS
https://bugs.launchpad.net/bugs/202752
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
I've uploaded a Hardy fix, and the same patch is easily applied to all
previous releases. However, a comment in the Fedora bug indicates that
downgrading fixed the crash, which probably means the vulnerability is
mitigated by something else in previous releases (except perhaps Gutsy).
There's also
** Attachment added: "upstream patch"
http://launchpadlibrarian.net/12692673/CVE-2008-1227.patch
--
[CVE-2008-1227] Stack-based buffer overflow causes DoS
https://bugs.launchpad.net/bugs/202752
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to