Date: Sun, 14 Dec 2003 15:46:10 -0500
From: Kurt Lieber <[email protected]>
To: [email protected]Subject: GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service
--qw1jpiGhEv1c2/gd
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-06
---------------------------------------------------------------------------
GLSA: 200312-06
Package: net-irc/xchat=20
Summary: Malformed dcc send requests in xchat-2.0.6 lead to a denial of
service
Severity: medium=20
Gentoo bug: 35623
Date: 2003-12-14
CVE: none=20
Exploit: remote=20
Affected: =3D2.0.6
Fixed: >=3D2.0.6-r1
DESCRIPTION:
There is a remotely exploitable bug in xchat 2.0.6 that could lead to a den=
ial
of service attack. This is caused by sending a malformed DCC packet to xch=
at
2.0.6, causing it to crash. Versions prior to 2.0.6 do not appear to be
affected by this bug.
For more information, please see:
http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html
SOLUTION:
For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
architectures. Since it was never marked as stable in the portage tree, only
xchat users who have explictly added the unstable keyword to ACCEPT_KEYWORDS
are affected. Users may updated affected machines to the patched version of
xchat using the following commands:
emerge sync
emerge -pv '>=3Dnet-irc/xchat-2.0.6-r1'
emerge '>=3Dnet-irc/xchat-2.0.6-r1'
emerge clean
--qw1jpiGhEv1c2/gd
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/3MwSJPpRNiftIEYRAv8VAJ9D7itnG7WRKWVHJWkHiiwQhQxKBwCfcb8U
9h78J8AOFl0PY1bWmjTU43Q=
=kUlb
-----END PGP SIGNATURE-----
--qw1jpiGhEv1c2/gd--
