Description:
The remote host is missing an update to ed announced via advisory FEDORA-2008-9236.
Update Information:
ed is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts). A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially crafted name that could possibly execute arbitrary code when opened in the ed editor. (CVE-2008-3916) Users of ed should upgrade to this updated package, which contains a backported patch to resolve this issue.
ChangeLog:
* Wed Oct 29 2008 Karsten Hopp 1.1-1
- update to latest version, fixes CVE-2008-3916
* Tue Jun 24 2008 Karsten Hopp 0.9-1
- version 0.9
References:
[ 1 ] Bug #466094 - CVE-2008-3916 ed: Heap-based buffer overflow (arb. code execution) [F8] https://bugzilla.redhat.com/show_bug.cgi?id=466094
[ 2 ] Bug #466095 - CVE-2008-3916 ed: Heap-based buffer overflow (arb. code execution) [F9] https://bugzilla.redhat.com/show_bug.cgi?id=466095
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update ed' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-9236
Risk factor : Critical
CVSS Score: 9.3