From: Sune Kloppenborg Jeppesen
Newsgroups: gmane.emacs.help
Subject: [gentoo-announce] [ GLSA 200506-24 ] Heimdal: Buffer overflow vulnerabilities
Date: Wed, 29 Jun 2005 13:32:40 +0200
Organization: Gentoo Linux Security Team
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Heimdal: Buffer overflow vulnerabilities
Date: June 29, 2005
Bugs: #96727
ID: 200506-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple buffer overflow vulnerabilities in Heimdal's telnetd server
could allow the execution of arbitrary code.

Background
==========

Heimdal is a free implementation of Kerberos 5 that includes a telnetd
server.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-crypt/heimdal       < 0.6.5                          >= 0.6.5

Description
===========

It has been reported that the "getterminaltype" function of Heimdal's
telnetd server is vulnerable to buffer overflows.

Impact
======

An attacker could exploit this vulnerability to execute arbitrary code
with the permission of the telnetd server program.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.5"

References
==========

  [ 1 ] CAN-2005-2040
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2040
  [ 2 ] Heimdal Advisory 2005-06-20
        http://www.pdc.kth.se/heimdal/advisory/2005-06-20/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0