Stay Secure with the Latest Linux Advisories

security advisorydenial of servicegentoo

Gentoo: GLSA-202301-15 Normal: GNUstep Core Service Interruption

A vulnerability in GNUstep Base library could lead to Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GNUstep Base library: Denial of Service Date: December 13, 2014 Bugs: #508370 ID: 201412-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in GNUstep Base library could lead to Denial of Service. Background ========= GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit (tm), including later additions. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 gnustep-base/gnustep-base < 1.24.6-r1 > = 1.24.6-r1 Description ========== GNUstep Base library does not properly handle the file descriptor for logging, when run as a daemon. Impact ===== A remote attacker could send a specially crafted request, possibly resulting in a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All GNUstep Base library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =gnustep-base/gnustep-base-1.24.6-r1" References ========= [ 1 ] CVE-2014-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2980 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201412-20 Concerns? ======== Security is a primaryfocus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo Security Advisory GLSA 202301-15 identifies a vulnerability in the FreeBSD Core components necessitating prompt user action.. GNUstep Base, Denial of Service, Gentoo Security. . LinuxSecurity.com Team

Dec 13, 2014 Gentoo