From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-5798-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 28513 invoked by uid 1002); 19 Aug 2003 22:47:40 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 8229 invoked from network); 19 Aug 2003 22:47:40 -0000
From: Patrick Lauer <gentoo@toso-digitals.de>
To: gentoo-dev@gentoo.org
Content-Type: text/plain
Message-Id: <1061333257.14174.2.camel@localhost>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.3 
Date: 20 Aug 2003 00:47:37 +0200
Content-Transfer-Encoding: 7bit
Subject: [gentoo-dev] Security Problems: xmule, lmule
X-Archives-Salt: 16a7fca9-a15b-4e95-b937-f0fe4baedab0
X-Archives-Hash: 95a61a6da19adb29cc7f4ecf60607558

Hi,

yesterday I found this:
http://www.heise.de/newsticker/data/dab-18.08.03-000/ (in german)

http://lists.netsys.com/pipermail/full-disclosure/2003-August/008449.html
(english)

short summary:
all emule, lmule and xmule versions are vulnerable to buffer overflows
including execution of malicious code.

xmule 1.4.3 (portage current) is very vulnerable.
xmule 1.5.6 (latest from xmule website) does not fix all known
vulnerabilities.

Please discourage the use of lmule and xmule until fixed versions are
available.

With best regards,
Patrick "bonsaikitten" Lauer


--
gentoo-dev@gentoo.org mailing list