25753 2011-06-13 20:59:38 +0400 CVE-2011-2199: buffer overflow in tftp-hpa 2011-06-18 01:11:20 +0400 1 1 4 Development Sisyphus tftpd unstable all Linux CLOSED FIXED http://openwall.com/lists/oss-security/2011/06/11/1 security P3 critical --- 1 ldv sbolshakov mike sbolshakov qa-sisyphus oldest_to_newest 122110 0 ldv 2011-06-13 20:59:38 +0400 "The tftp-hpa daemon contained a buffer overflow vulnerability in the function for setting the utimeout option. As the daemon accepts this option from clients, the buffer overflow can be remotely exploited." 122114 1 ldv 2011-06-14 01:23:07 +0400 Here is the gitweb URL for that patch: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8 122168 2 mike 2011-06-18 01:11:20 +0400 tftp - The client for the Trivial File Transfer Protocol (TFTP) * Tue Jun 14 2011 Damir Shayhutdinov <damir@altlinux> 5.0-alt3 - Fix buffer overflow in utimeout option (CVE 2011-2199, closes #25753)