===================================================================== CERT-Renater Note d'Information No. 2003/VULN357 _____________________________________________________________________ DATE : 25/11/2003 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems using libnids ====================================================================== - - --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-07 - - --------------------------------------------------------------------------- GLSA: 200311-07 package: net-libs/libnids summary: Libnids remote code execution severity: normal Gentoo bug: 32724 date: 2003-11-22 CVE: CAN-2003-0850 exploit: remote affected: <=1.17 fixed: >=1.18 DESCRIPTION: There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution. SOLUTION: It is recommended that all Gentoo Linux users who are running net-libs/libnids update their systems as follows: emerge sync emerge '>=net-libs/libnids-1.18' emerge clean - -- Andrea Barisani .*. Gentoo Linux Infrastructure Developer V ( ) GPG-Key 0xC9EE0905 http://dev.gentoo.org/~lcars/pubkey.asc ( ) 491D E9E0 3875 0EC9 10DD 150B CAA9 2C7D C9EE 0905 ^^_^^ ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================