Package : canna Vulnerability : buffer overflow and more Problem-Type : local, remote Debian-specific: no CVE Id : CAN-2002-1158 CAN-2002-1159 BugTraq Id : 6351 6354
Several vulnerabilities have been discovered in canna, a Japanese input system. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:
* CAN-2002-1158 (BugTraq Id 6351): "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server.
* CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project discovered that canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
For the current stable distribution (woody) these problems have been fixed in version 3.5b2-46.2.
For the old stable distribution (potato) these problems have been fixed in version 3.5b2-25.2.
For the unstable distribution (sid) these problems have been fixed in version 3.6p1-1.
We recommend that you upgrade your canna packages.