canna Update for Debian
Posted on: 01/09/2003 12:41 PM

An updated canna package for Debian GNU/Linux has been released

Several vulnerabilities have been discovered in canna, a Japanese input system. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:

- CAN-2002-1158 (BugTraq Id 6351): "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server.
- CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project discovered that canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

For the current stable distribution (woody) these problems have been fixed in version 3.5b2-46.2.

For the old stable distribution (potato) these problems have been fixed in version 3.5b2-25.2.

For the unstable distribution (sid) these problems have been fixed in version 3.6p1-1.


Read more



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/canna_update_for_debian.html)