From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-announce-return-162-arch-gentoo-announce=gentoo.org@gentoo.org>
Received: (qmail 15176 invoked by uid 1002); 30 Sep 2003 19:54:39 -0000
Mailing-List: contact gentoo-announce-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-announce@gentoo.org>
List-Help: <mailto:gentoo-announce-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-announce-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-announce-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-announce.gentoo.org>
X-BeenThere: gentoo-announce@gentoo.org
Received: (qmail 24848 invoked from network); 30 Sep 2003 14:21:42 -0000
To: gentoo-announce@gentoo.org, bugtraq@securityfocus.com,
	full-disclosure@lists.netsys.com
Message-Id: <20030930143204.01DAD9FB20@noc.internal.fairytale.se>
Date: Tue, 30 Sep 2003 16:32:04 +0200 (CEST)
From: aliz@gentoo.org (Daniel Ahlberg)
X-Virus-Scanned: by AMaViS 0.3.12
X-Virus-Scanned: by AMaViS 0.3.12
Subject: [gentoo-announce] GLSA:  mpg123 (200309-17)
X-Archives-Salt: 10d37508-7068-404b-b795-6bbc62c749bc
X-Archives-Hash: fe06da6d0494e3ef0dfed1ef0cd15a08

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-17
- - - ---------------------------------------------------------------------

          PACKAGE : mpg123
          SUMMARY : buffer overflow
             DATE : 2003-09-30 14:32 UTC
          EXPLOIT : remote
     GENTOO BUG # : 26787
              CVE : CAN-2003-0577

- - - ---------------------------------------------------------------------

DESCRIPTION

mpg123 contains a heap based buffer overflow that would allow an remote
attacker to execute arbitrary code on the victims machine.

SOLUTION

it is recommended that all Gentoo Linux users who are running
media-sound/mpg123 upgrade to a fixed version.

make sure that the version to be installed is either one of 
0.59r-r3 (stable) or 0.59s-r1 (masked).

emerge sync
emerge mpg123 -p
emerge mpg123
emerge clean


- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/eZPkfT7nyhUpoZMRAnwiAJ9PLTpDpa6cMaJekjdbX+b/QhqB0QCfTxhJ
aC2esvhlnUN1qSR9dPqjKv4=
=ggBo
-----END PGP SIGNATURE-----