MDKSA-2003:005
- Package name
- leafnode
- Date
- 2003-01-14
- Advisory ID
- MDKSA-2003:005
- Affected versions
- 8.2 i586 , 9.0 i586 , 8.2 i586
Problem description
A vulnerability was discovered by Jan Knutar in leafnode that Mark Brown pointed out could be used in a Denial of Service attack. This vulnerability causes leafnode to go into an infinite loop with 100% CPU use when an article that has been crossposed to several groups, one of which is the prefix of another, is requested by it's Message-ID. This vulnerability was introduced in 1.9.20 and fixed upstream in version 1.9.30. Only Mandrake Linux 9.0 is affected by this, but version 1.9.19 (which shipped with Mandrake Linux 8.2) is receiving an update due to critical bugs in it that can corrupt parts of its news spool under certain circumstances.
Updated packages
8.2 i586
c39ab8855cbb4d0727c796242edda60c ppc/8.2/RPMS/leafnode-1.9.31-1.1mdk.ppc.rpm 25f0be374ababf45db444a9b64ab1a98 ppc/8.2/SRPMS/leafnode-1.9.31-1.1mdk.src.rpm
9.0 i586
4749ee927caa55f15adddadd473a3d12 9.0/RPMS/leafnode-1.9.31-1.1mdk.i586.rpm 25f0be374ababf45db444a9b64ab1a98 9.0/SRPMS/leafnode-1.9.31-1.1mdk.src.rpm
8.2 i586
a9c3f6f4198c88e71f7c78281d6ead7b 8.2/RPMS/leafnode-1.9.31-1.1mdk.i586.rpm 25f0be374ababf45db444a9b64ab1a98 8.2/SRPMS/leafnode-1.9.31-1.1mdk.src.rpm