Subject: pkg/26607: cfengine security fix
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <mike@ethmoid.org>
List: pkgsrc-bugs
Date: 08/09/2004 22:17:52
>Number: 26607
>Category: pkg
>Synopsis: Cfengine RSA Authentication Heap Corruption
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Aug 10 02:32:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Michael Santos
>Release: NetBSD 2.0G
>Organization:
>Environment:
System: NetBSD ack 2.0G NetBSD 2.0G (ack) #55: Thu Aug 5 16:00:24 EDT 2004 root@ack:/home/build/src/sys/arch/i386/compile/obj/ack i386
Architecture: i386
Machine: i386
>Description:
see Cfengine RSA Authentication Heap Corruption
http://www.securityfocus.org/advisories/7045
>How-To-Repeat:
>Fix:
--- pkg-vulnerabilities.orig 2004-08-09 22:11:30.000000000 -0400
+++ pkg-vulnerabilities 2004-08-09 22:14:37.000000000 -0400
@@ -561,3 +561,5 @@
suse_libpng-9.1 remote-code-execution http://scary.beasts.org/security/CESA-2004-001.txt
suse_libpng<=6.4 remote-code-execution http://scary.beasts.org/security/CESA-2004-001.txt
+cfengine-2.0.* remote-code-execution http://www.securityfocus.org/advisories/7045
+cfengine-2.1.[0-7]* remote-code-execution http://www.securityfocus.org/advisories/7045
#CHECKSUM SHA1 afcc280e3e6376da5a0148ade10d547516743033
>Release-Note:
>Audit-Trail:
>Unformatted:
>How-Ta-Repeat:
<how to correct or work around the problem, if known (multiple lines)>
<code/input/activities to reproduce the problem (multiple lines)>