Mandrake Linux Security Advisory : ncompress (MDKSA-2006:140)
High Nessus Plugin ID 23889
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionTavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data.
Updated packages have been patched to correct this issue.
SolutionUpdate the affected ncompress package.