Joined: 12 May 2004
|Posted: Sun Dec 14, 2014 12:26 am Post subject: [ GLSA 201412-20 ] GNUstep Base library: Denial of Service
|Gentoo Linux Security Advisory
Title: GNUstep Base library: Denial of Service (GLSA 201412-20)
Date: December 13, 2014
A vulnerability in GNUstep Base library could lead to Denial of
GNUstep Base library is a free software package implementing the API of
the OpenStep Foundation Kit (tm), including later additions.
Vulnerable: < 1.24.6-r1
Unaffected: >= 1.24.6-r1
Architectures: All supported architectures
GNUstep Base library does not properly handle the file descriptor for
logging, when run as a daemon.
A remote attacker could send a specially crafted request, possibly
resulting in a Denial of Service condition.
There is no known workaround at this time.
All GNUstep Base library users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose