Login
Newsletter
Werbung

Sicherheit: Ausführen von beliebigem SQL-Code in teapop
Aktuelle Meldungen Distributionen
Name: Ausführen von beliebigem SQL-Code in teapop
ID: 200309-18
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Mi, 1. Oktober 2003, 13:00
Referenzen: Keine Angabe
Applikationen: Teapop

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-18
--------------------------------------------------------------------

          PACKAGE : teapop
          SUMMARY : sql injection
             DATE : 2003-09-30 20:52 UTC
          EXPLOIT : remote
GENTOO BUG # : 26730
              CVE : CAN-2003-0515

--------------------------------------------------------------------

DESCRIPTION

teapop suffers from a sql injection in the postgresql and mysql
authentication module.

SOLUTION

it is recommended that all Gentoo Linux users who are running
net-mail/teapop upgrade to a fixed version.

make sure that the version to be installed is atleast 0.3.7.

emerge sync
emerge teapop -p
emerge teapop
emerge clean


--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/ee0OfT7nyhUpoZMRAlmhAJ9THOKIyx0nc4azr1m0nr3WL4np0ACgllB6
6ztPlNoz+4lolEgTATKE/so=
=Z13m
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung