An updated canna package for Debian GNU/Linux has been released
Several vulnerabilities have been discovered in canna, a Japanese input system. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:Read more
- CAN-2002-1158 (BugTraq Id 6351): "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server.
- CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project discovered that canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
For the current stable distribution (woody) these problems have been fixed in version 3.5b2-46.2.
For the old stable distribution (potato) these problems have been fixed in version 3.5b2-25.2.
For the unstable distribution (sid) these problems have been fixed in version 3.6p1-1.