gtetrinet / tcpdump Update for Debian
Posted on: 12/11/2002 01:30 PM

New gtetrinet and tcpdump packages has been released for Debian GNU/Linux

DSA-206-1 tcpdump -- denial of service
The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution.

This has been fixed in version 3.6.2-2.2.


Read more

DSA-205-1 gtetrinet -- buffer overflow
Steve Kemp and James Antill found several buffer overflows in the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian GNU/Linux 3.0, which could be abused by a malicious server.

This has been fixed in upstream version 0.4.4 and release 0.4.1-9woody1.1 of the Debian package.


Read more




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/gtetrinet_tcpdump_update_for_debian.html)