[Full-disclosure] FLEA-2007-0007-1: nas
Foresight Linux Essential Announcement Service
foresight-security-noreply at foresightlinux.org
Tue Apr 3 20:58:04 BST 2007
Foresight Linux Essential Advisory: 2007-0007-1
Published: 2007-04-03
Rating: Informational
Updated Versions:
nas=/conary.rpath.com at rpl:devel/1.8b-1-2
group-dist=/foresight.rpath.org at fl:1-devel//1/1.1-0.12-1
References:
https://issues.rpath.com/browse/RPL-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1547
Description:
Previous versions of the nas package were vulnerable to a number of buffer
overflows, NULL and invalid pointers, and an int overflow. Foresight Linux is
not vulnerable to any of these by default, as Foresight does not ship the
initscript which starts the nas daemon.
Full-Disclosure is hosted and sponsored by Secunia.