Advisories
Mandriva Advisories
|
 |
| Problem Description |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote
IRC servers to execute arbitrary code via a long private message.
Updated packages fix this issue.
| Updated Packages |
Corporate Server 3.0
885019e8d2f6b0cfb9de05156d64444e corporate/3.0/i586/eggdrop-1.6.15-3.1.C30mdk.i586.rpm aa1cb17308f08bec5f524d41495e5fc9 corporate/3.0/SRPMS/eggdrop-1.6.15-3.1.C30mdk.src.rpm
Corporate Server 3.0/X86_64
6913fb0a2f783d2614f34883e40d7664 corporate/3.0/x86_64/eggdrop-1.6.15-3.1.C30mdk.x86_64.rpm aa1cb17308f08bec5f524d41495e5fc9 corporate/3.0/SRPMS/eggdrop-1.6.15-3.1.C30mdk.src.rpm
Mandriva Linux 2007
42c9df2265dca3aa08ac313581d2f79e 2007.0/i586/eggdrop-1.6.17-3.1mdv2007.0.i586.rpm 0b8dab3bb20fa77b8110fba70c0cf42d 2007.0/SRPMS/eggdrop-1.6.17-3.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
dbe358c197ea69243ea96536814b089c 2007.0/x86_64/eggdrop-1.6.17-3.1mdv2007.0.x86_64.rpm 0b8dab3bb20fa77b8110fba70c0cf42d 2007.0/SRPMS/eggdrop-1.6.17-3.1mdv2007.0.src.rpm
Mandriva Linux 2007.1
a56c9816445a5b4967d03d144aade848 2007.1/i586/eggdrop-1.6.17-3.1mdv2007.1.i586.rpm d8eb704c902f6118cec187ec6cd67bae 2007.1/SRPMS/eggdrop-1.6.17-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64
69824e4cf05c6aaed125d3ce5b035d49 2007.1/x86_64/eggdrop-1.6.17-3.1mdv2007.1.x86_64.rpm d8eb704c902f6118cec187ec6cd67bae 2007.1/SRPMS/eggdrop-1.6.17-3.1mdv2007.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2807
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.