Security 10809 Published by

An updated canna package for Debian GNU/Linux has been released



Several vulnerabilities have been discovered in canna, a Japanese input system. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:

- CAN-2002-1158 (BugTraq Id 6351): "hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server.
- CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project discovered that canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

For the current stable distribution (woody) these problems have been fixed in version 3.5b2-46.2.

For the old stable distribution (potato) these problems have been fixed in version 3.5b2-25.2.

For the unstable distribution (sid) these problems have been fixed in version 3.6p1-1.
Read more