Package: overkill
Severity: important
Tags: security

CVE-2006-2971: "Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function."

There is a sample exploit [1] available.

Sarge and Woody may be affected.

Please mention the CVE in your changelog.

Thanks,
Alec

[1] http://www.securityfocus.com/archive/1/archive/1/436659/100/0/threaded
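
The bug class named in the CVE text, as an added illustration that is not part of the original report and is not 0verkill source code: subtracting a header size from a short receive count gives a negative value that becomes a huge unsigned length. The 12-byte header layout, the function names and the stand-in CRC routine are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: a 12-byte header precedes the checksummed payload. */
#define HDR_LEN 12

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), a stand-in for the daemon's crc32(). */
static uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Unchecked pattern: the length a datagram produces when the header size
 * is subtracted first and the result is then used as an unsigned count. */
size_t unchecked_payload_len(int received)
{
    return (size_t)(received - HDR_LEN);
}

/* Checked pattern: reject recv errors and short datagrams before subtracting.
 * Returns the payload length, or -1 if the datagram is dropped. */
int checked_recv_packet(const uint8_t *dgram, int received, uint32_t *crc_out)
{
    if (received < HDR_LEN)
        return -1;
    size_t n = (size_t)received - HDR_LEN;
    *crc_out = crc32_buf(dgram + HDR_LEN, n);
    return (int)n;
}

int main(void)
{
    /* Constructed samples: 12 zero header bytes + "123456789", and a 5-byte runt. */
    uint8_t ok[21] = {0}, runt[5] = {0};
    uint32_t crc = 0;
    for (int i = 0; i < 9; i++) ok[HDR_LEN + i] = (uint8_t)('1' + i);
    printf("unchecked length for 5 bytes: %zu\n", unchecked_payload_len(5));
    printf("checked, 5 bytes: %d\n", checked_recv_packet(runt, 5, &crc));
    int n = checked_recv_packet(ok, 21, &crc);
    printf("checked, 21 bytes: %d crc=%08x\n", n, (unsigned)crc);
    return 0;
}
```

The same guard also covers a negative return from the receive call, since any count below the header size is dropped before the subtraction happens.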