
Debian: DSA 307-1 Critical: gPS Package Buffer Overflow Issues

May 29, 2003
Debian Security Notice DSA 307-1 addresses critical buffer overflow issues in the gps application. Update recommended!

Summary

gPS is a graphical application to watch system processes. In release
1.1.0 of the gps package, several security vulnerabilities were fixed,
as detailed in the changelog:

* bug fix on rgpsp connection source acceptation policy
  (it was allowing any host to connect even when the
  /etc/rgpsp.conf file told otherwise)
  It is working now, but on any real ("production")
  network I suggest you use IP filtering to enforce
  the policy (like ipchains or iptables)
* Several possibilities of buffer overflows have been
  fixed. Thanks to Stanislav Ievlev from ALT-Linux for
  pointing a lot of them.
* fixed misformatting of command line parameters in
  rgpsp protocol (command lines with newlines would
  break the protocol)
* fixed buffer overflow bug that caused rgpsp
  to SIGSEGV when stating processes with large
  command lines (>128 chars) [Linux only]

All of these problems affect Debian's gps package version 0.9.4-1 in
Debian woody. Debian potato also contains a gps package (version
0.4.1-...
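
The last two changelog items describe one class of defect: a process command line of arbitrary length and content copied into a fixed-size field of a line-oriented protocol. The C sketch below is an added illustration, not code from gps or rgpsp; the helper name encode_cmdline, the 128-byte FIELD_MAX and the backslash escaping scheme are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 128  /* assumed field size, echoing the 128-char limit in the changelog */

/* Hypothetical helper: copy a raw command line (NUL-separated arguments, as in
 * /proc/<pid>/cmdline on Linux) into a fixed-size field. Never writes past
 * dst_size, always NUL-terminates, and escapes CR/LF so the value stays on one
 * protocol line. Returns bytes written (without terminator), or -1 on bad args. */
int encode_cmdline(const char *raw, size_t raw_len, char *dst, size_t dst_size)
{
    size_t out = 0;
    if (raw == NULL || dst == NULL || dst_size == 0)
        return -1;
    while (raw_len > 0 && raw[raw_len - 1] == '\0')   /* drop trailing NULs */
        raw_len--;
    for (size_t i = 0; i < raw_len; i++) {
        unsigned char c = (unsigned char)raw[i];
        size_t need = (c == '\n' || c == '\r' || c == '\\') ? 2 : 1;
        if (out + need >= dst_size)   /* keep one byte for the terminator; */
            break;                    /* truncate instead of overflowing   */
        if (need == 2) {
            dst[out++] = '\\';
            dst[out++] = (c == '\n') ? 'n' : (c == '\r') ? 'r' : '\\';
        } else {
            dst[out++] = (c == '\0') ? ' ' : (char)c;  /* arg separator -> space */
        }
    }
    dst[out] = '\0';
    return (int)out;
}

int main(void)
{
    /* Constructed sample: three arguments, the last containing a newline. */
    static const char raw[] = "sh\0-c\0echo a\nb";
    char field[FIELD_MAX];
    int n = encode_cmdline(raw, sizeof raw, field, sizeof field);
    printf("%d bytes: %s\n", n, field);
    return 0;
}
```

Truncation stops before an escape pair that would not fit, so the field never ends in a dangling backslash.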


Severity: critical

Package: gps
