Gentoo: bitchx denial of service vulnerability
Posted by LinuxSecurity.com Team   
Gentoo A denial of service vulnerability exists in BitchX.

- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-11
- ---------------------------------------------------------------------

PACKAGE : bitchx
SUMMARY : denial of service
DATE    : 2003-02-20 17:47 UTC
EXPLOIT : remote

- ---------------------------------------------------------------------

From advisory:

"A denial of service vulnerability exists in BitchX. Sending
a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault."

Read the full advisory at: 
http://marc.theaimsgroup.com/?l=bugtraq&m=104554352513997&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-irc/bitchx upgrade to bitchx-1.0.19-r4 as follows:

emerge sync
emerge -u bitchx
emerge clean

- ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at  http://cvs.gentoo.org/~aliz
- ---------------------------------------------------------------------