leafnode -- denial of service vulnerability

ID B5FFAA2A-EE50-4498-AF99-61BC1B163C00
Type freebsd
Reporter FreeBSD
Modified 2005-06-08T00:00:00


Matthias Andree reports:

A vulnerability was found in the fetchnews program (the NNTP client) that may under some circumstances cause a wait for input that never arrives, fetchnews "hangs". [...] As only one fetchnews program can run at a time, subsequently started fetchnews and texpire programs will terminate. [...] Upgrade your leafnode package to version 1.11.3.