Home > Security > Advisories


Mandriva Advisories

Package name BitchX
Date December 14th, 2000
Advisory ID MDKSA-2000:079
Affected versions 6.1, 7.0, 7.1, 7.2
Synopsis Updated BitchX packages fix insecure handling of DNS information

Problem Description

Two bugs exist in the BitchX IRC client. A possible stack overflow
condition exists if a malformed DNS answer is processed by the client,
and the second bug allows this malformed DNS record to be embedded in a
valid DNS packet. Without the second bug, the malformed DNS record
wouldn't be processed "correctly."

Updated Packages

Mandrakelinux 6.1

 f3923806f31fc2051634d58793da5564  6.1/RPMS/BitchX-1.0-0.c17.1.2mdk.i586.rpm
ca985345f2325952bbdb3d2fcd31dcb6  6.1/SRPMS/BitchX-1.0-0.c17.1.2mdk.src.rpm

Mandrakelinux 7.0

 b6341687d0e8a4f1149850d58db38384  7.0/RPMS/BitchX-1.0-0.c17.1.2mdk.i586.rpm
ca985345f2325952bbdb3d2fcd31dcb6  7.0/SRPMS/BitchX-1.0-0.c17.1.2mdk.src.rpm

Mandrakelinux 7.1

 6a37d4159ec294b0f02d607d3bb0a1a8  7.1/RPMS/BitchX-1.0-0.c17.1.2mdk.i586.rpm
ca985345f2325952bbdb3d2fcd31dcb6  7.1/SRPMS/BitchX-1.0-0.c17.1.2mdk.src.rpm

Mandrakelinux 7.2

 d08c8f5facc4c90770d78ab56cfc4d75  7.2/RPMS/BitchX-1.0-0.c17.1.1mdk.i586.rpm
281243ff0bac9299c78d40132d7eb43c  7.2/SRPMS/BitchX-1.0-0.c17.1.1mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.