[15992] in bugtraq
CONECTIVA LINUX SECURITY ANNOUNCEMENT - BITCHX
daemon@ATHENA.MIT.EDU (Security)
Thu Jul 27 18:51:13 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000727112243.B17869@conectiva.com.br>
Date: Thu, 27 Jul 2000 11:22:43 -0300
Reply-To: Security <secure@CONECTIVA.COM.BR>
From: Security <secure@CONECTIVA.COM.BR>
X-To: lwn@lwn.net, sergio@bruder.net, brain@matrix.com.br,
security-alert@linuxsecurity.com
To: BUGTRAQ@SECURITYFOCUS.COM
----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------
PACKAGE: BitchX
SUMMARY: Denial of service
DATE: 2000-07-27
AFFECTED CONECTIVA VERSIONS : 5.1
DESCRIPTION
This announcement is being re-released specifically for Conectiva Linux
5.1.
The irc client BitchX can be taken down remotely by inviting
the user to a channel with format strings in its name. By
receiving the invitation, BitchX will crash immediately.
SOLUTION
Users of BitchX must upgrade.
Conectiva Linux versions prior to 5.1 have already been patched.
DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/BitchX-75p3-9cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wserv-1.13-2cl.i386.rpm
DIRECT LINK TO THE SOURCE PACKAGE
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/BitchX-75p3-9cl.src.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
