Debian 3.0: DSA 224-1 Critical: Canna Buffer Overflow and DoS Threats
debian
January 8, 2003
Several vulnerabilities have been discovered in canna, a Japanese input system.
Topics Covered
Summary
Several vulnerabilities have been discovered in canna, a Japanese
input system. The Common Vulnerabilities and Exposures (CVE) project
identified the following vulnerabilities:
* CAN-2002-1158 (BugTraq Id 6351): "hsj" of Shadow Penguin Security
discovered a heap overflow vulnerability in the irw_through
function in canna server.
* CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project
discovered that canna does not properly validate requests, which
allows remote attackers to cause a denial of service or information
leak.
For the current stable distribution (woody) these problems have been
fixed in version 3.5b2-46.2.
For the old stable distribution (potato) these problems have been
fixed in version 3.5b2-25.2.
For the unstable distribution (sid) these problems have been fixed in
version 3.6p1-1.
We recommend that you upgrade your canna packages.
Installation Instructions
- -------------------------
wget url
will fetch the file for you
dpkg -i file.deb
will ins...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: canna
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!