Salvatore Bonaccorso
2012-Mar-17 21:59 UTC
[Secure-testing-team] Bug#664465: barnowl: Multiple Remote Denial of Service Vulnerabilities
Package: barnowl
Version: 1.6.2-1
Severity: important
Tags: security

Hi

(Please adjust the severity if this should be wrong, as classified as DoS, maybe normal could suffice here):

It was discovered that barnowl has multiple remote denial of service vulnerabilities [1,2].

 [1] http://www.securityfocus.com/bid/52517/info
 [2] http://secunia.com/advisories/48427

According to release notes [3]:

 [3] http://barnowl.mit.edu/wiki/release-notes/1.8.1

 * Fix a denial of service when receiving empty zcrypted messages, found by Alex Dehnert.
 * Fix a denial of service when receiving a zephyrgram with an excessive number of fields, found by Luke Faraone.

This is fixed upstream in version 1.8.1.

Regards,
Salvatore

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash