GLSA Advocate
Posted: Tue Jun 01, 2010 10:26 pm Post subject: [ GLSA 201006-07 ] SILC: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: SILC: Multiple vulnerabilities (GLSA 201006-07)
Severity: normal
Exploitable: remote
Date: June 01, 2010
Bug(s): #284561
ID: 201006-07
Synopsis
Multiple vulnerabilities were discovered in SILC Toolkit and SILC Client,
the worst of which allows execution of arbitrary code.
Background
SILC (Secure Internet Live Conferencing protocol) Toolkit is a software
development kit for use in clients, and SILC Client is an IRSSI-based
text client.
Affected Packages
Package: net-im/silc-toolkit
Vulnerable: < 1.1.10
Unaffected: >= 1.1.10
Architectures: All supported architectures
Package: net-im/silc-client
Vulnerable: < 1.1.8
Unaffected: >= 1.1.8
Architectures: All supported architectures
Description
Multiple vulnerabilities were discovered in SILC Toolkit and SILC
Client. For further information please consult the CVE entries
referenced below.
Impact
A remote attacker could overwrite stack locations and possibly execute
arbitrary code via a crafted OID value, Content-Length header or format
string specifiers in a nickname field or channel name.
Workaround
There is no known workaround at this time.
Resolution
All SILC Toolkit users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/silc-toolkit-1.1.10"
All SILC Client users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/silc-client-1.1.8"
References
CVE-2008-7159
CVE-2008-7160
CVE-2009-3051
CVE-2009-3163
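The version thresholds from the Affected Packages section above, turned into a check for package inventories collected from several hosts. This is an added example, not part of the original advisory or of Gentoo's tooling; the function names (ver_lt, glsa_status, audit) are hypothetical, the sample inventory is constructed, and versions are assumed to be dotted numerics with an optional -rN revision.

```shell
#!/bin/sh
# Added example: classify installed versions against the GLSA 201006-07 thresholds.
# Assumption: versions are dotted numerics with an optional Gentoo "-rN" revision;
# anything else (e.g. _rc or _p suffixes) is reported as "unknown" for manual review.

# ver_lt A B: succeed if dotted-numeric version A is strictly lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1    # equal versions are not "lower"
}

# glsa_status CATEGORY/PACKAGE VERSION
# prints: vulnerable | unaffected | not-listed | unknown
glsa_status() {
    case $1 in
        net-im/silc-toolkit) fixed=1.1.10 ;;   # advisory: vulnerable < 1.1.10
        net-im/silc-client)  fixed=1.1.8 ;;    # advisory: vulnerable < 1.1.8
        *) echo not-listed; return 0 ;;
    esac
    v=${2%-r[0-9]*}                            # drop the revision suffix (-r1, -r2, ...)
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if ver_lt "$v" "$fixed"; then echo vulnerable; else echo unaffected; fi
}

# audit: read "category/package version" lines on stdin, append the status.
audit() {
    while read -r pkg ver; do
        if [ -n "$pkg" ]; then
            printf '%s %s %s\n' "$pkg" "$ver" "$(glsa_status "$pkg" "$ver")"
        fi
    done
}

# Constructed sample inventory, not real host data.
sample='net-im/silc-toolkit 1.1.9-r1
net-im/silc-toolkit 1.1.10
net-im/silc-client 1.1.7
net-im/silc-client 1.1.8-r2
net-irc/irssi 0.8.15'
printf '%s\n' "$sample" | audit
```

On a Gentoo host itself, glsa-check from gentoolkit tests the installed package database against published GLSAs; the script above is for inventories gathered elsewhere.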