[albatross-users] Vulnerability? Security Focus site says...
Sheila King
2006-01-17 01:45:40 UTC
Any comments/reactions to this alert from Security Focus regarding
Albatross vulnerability?

Albatross Remote Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/16252/info
--
Sheila King
sheila at thinkspot.net
http://www.thinkspot.net/sheila/
Tim Churches
2006-01-17 01:58:58 UTC
Post by Sheila King
Any comments/reactions to this alert from Security Focus regarding
Albatross vulnerability?
Albatross Remote Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/16252/info
Yes, Andrew McNamara mentioned it on this list:

http://www.object-craft.com.au/pipermail/albatross-users/2006-January/001254.html

It is fixed in v1.33 with the fix back-ported to v1.20 on Debian.

Andrew, you need to add a note about v1.33 on the News page for Albatross.

We have not encountered any problems after upgrading to v1.33, and no
code changes were needed to any of our applications.

Tim C
Sheila King
2006-01-17 02:52:35 UTC
--On January 17, 2006 12:58:58 PM +1100 Tim Churches
Post by Tim Churches
http://www.object-craft.com.au/pipermail/albatross-users/2006-January/001254.html
It is fixed in v1.33 with the fix back-ported to v1.20 on Debian.
Andrew, you need to add a note about v1.33 on the News page for Albatross.
Hmm. Somehow I missed that. Since it is a security/vulnerability issue, the
subject line might've mentioned something more compelling than simply
Albatross 1.33 released

In any case, the Security Focus page doesn't indicate any resolution. Just
kind of leaves you high and dry.

Someone might want to submit more info to that Security Focus ticket so
that others who see it will know this is addressed and resolved by version
1.33?
--
Sheila King
sheila at thinkspot.net
http://www.thinkspot.net/sheila/
Andrew McNamara
2006-01-17 02:45:50 UTC
Post by Sheila King
Any comments/reactions to this alert from Security Focus regarding
Albatross vulnerability?
Albatross Remote Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/16252/info
They don't list a CVE number (it is still tagged as private in the
CVE database, but it's CVE-2006-0044), but I'm almost certain this is
the issue 1.33 was released to address (certainly, the Debian advisory
DSA-942-1 is in reference to the 1.33 issue).

http://www.object-craft.com.au/projects/albatross/download/albatross-1.33.tar.gz
--
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/