FLEA-2007-0007-1: nas
Date: Tue, 03 Apr 2007 15:58:04 -0400
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@foresightlinux.org.>
To: [email protected]
Subject: FLEA-2007-0007-1: nas
References: <45EF374E.1090207@foresightlinux.org.> <45EF8D85.3050102@moritz-naumann.com.>
In-Reply-To: <45EF8D85.3050102@moritz-naumann.com.>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
Foresight Linux Essential Advisory: 2007-0007-1
Published: 2007-04-03
Rating: Informational
Updated Versions:
nas=/conary.rpath.com@rpl:devel/1.8b-1-2
group-dist=/foresight.rpath.org@fl:1-devel//1/1.1-0.12-1
References:
https://issues.rpath.com/browse/RPL-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1547
Description:
Previous versions of the nas package were vulnerable to a number of buffer
overflows, NULL and invalid pointers, and an int overflow. Foresight Linux is
not vulnerable to any of these by default, as Foresight does not ship the
initscript which starts the nas daemon.