[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[usagi-announce] [SECURITY] buffer overruns in Node Information Queries

To: usagi-announce@xxxxxxxxxxxxxx
Subject: [usagi-announce] [SECURITY] buffer overruns in Node Information Queries
From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Date: Thu, 16 May 2002 03:47:25 +0900
Reply-to: usagi-announce@xxxxxxxxxxxxxx
Sender: "Hideaki YOSHIFUJI" <yoshfuji@xxxxxxxxxxxxxxxxxxxxxxxxx>

Hello,

We found a security issue (several buffer overruns) in Node Information 
Query codes in our latest stable release in April.  We've put fix 
against this problem on our ftp site. 

usagi-linux24-stable-20020408.tar.bz2 (usagi-linux24 kit) users 
should apply usagi-linux24-stable-20020408_20020516-nodeinfo.fix, 
and so on.

<ftp://ftp.linux-ipv6.org/pub/usagi/stable/kit/>
-rw-r--r--    1 yoshfuji core         3800 May 16 03:00 usagi-linux22-stable-20020408_20020516-nodeinfo.fix
-rw-r--r--    1 yoshfuji core         3811 May 16 03:01 usagi-linux24-stable-20020408_20020516-nodeinfo.fix

<ftp://ftp.linux-ipv6.org/pub/usagi/stable/split/>
-rw-r--r--    1 yoshfuji core         2150 May 16 02:53 usagi-linux22-stable-20020408-2.2.20_20020516-nodeinfo.fix
-rw-r--r--    1 yoshfuji core         2161 May 16 02:53 usagi-linux24-stable-20020408-2.4.18_20020516-nodeinfo.fix
-rw-r--r--    1 yoshfuji core         1802 May 16 03:02 usagi-tool-stable-20020408_20020516-nodeinfo.fix

Though it is not confirmed yet, older stable releases may 
have similar problem and above fixes sohuld apply.

Snap users are encouraged to update your source using "cvs 
update -d -P -A".

Thanks.

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@xxxxxxxxxxxxxx>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Prev by Date: [usagi-announce] 2002/05/13 snap
Next by Date: [usagi-announce] 2002/05/27 snapshot
Previous by thread: [usagi-announce] 2002/05/13 snap
Next by thread: [usagi-announce] 2002/05/27 snapshot
Index(es):
- Date
- Thread