Gentoo: 200302-03 Critical Qt-dcgui File Leak Remote Exploit
gentoo
February 4, 2003
All versions < 0.2.2 have a major security vulnerability in the directory parser.
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-03 - -------------------------------------------------------------------- DATE : 2003-02-04 15:03 UTC
- --------------------------------------------------------------------
From announcment:
"All versions < 0.2.2 have a major security vulnerability in the directory parser. This bug allow a remote attacker to download files outside the sharelist. It's recommend that you upgrade the packages immediatly."
Read the full announcment at:
SOLUTION
It is recommended that all Gentoo Linux users who are running net-p2p/qt-dcgui upgrade to qt-dcgui-0.2.4 as follows:
emerge sync emerge -u qt-dcgui emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at styx@gentoo.org - --------------------------------------------------------------------
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : qt-dcgui
SUMMARY : file leaking
EXPLOIT : remote
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!