GNUstep Base library: Denial of Service — GLSA 201412-20

A vulnerability in GNUstep Base library could lead to Denial of Service.

Affected Packages

gnustep-base/gnustep-base on all architectures
Affected versions < 1.24.6-r1
Unaffected versions >= 1.24.6-r1

Background

GNUstep Base library is a free software package implementing the API of the OpenStep Foundation Kit (tm), including later additions.

Description

GNUstep Base library does not properly handle the file descriptor for logging, when run as a daemon.

Impact

A remote attacker could send a specially crafted request, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GNUstep Base library users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=gnustep-base/gnustep-base-1.24.6-r1"
 

References

Release Date
December 13, 2014

Latest Revision
December 13, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries