A vulnerability in INN's STARTTLS implementation could allow a remote attacker to conduct a man-in-the-middle attack.
|Package|net-nntp/inn on all architectures|
|Affected versions|< 2.5.3|
|Unaffected versions|>= 2.5.3|
INN is a news server which can interface with Usenet.
INN’s I/O buffering is not correctly restricted.
A remote attacker could inject commands into encrypted NNTP sessions.
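A simplified model of the buffering flaw described above, as an added example that is not INN's code or part of the original advisory. It assumes the unrestricted buffer is a read buffer shared across the STARTTLS upgrade and contrasts keeping that buffer with discarding it; the function name and the `EXAMPLE-COMMAND` placeholder are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: one cleartext read in which extra bytes follow
 * STARTTLS. "EXAMPLE-COMMAND" is a placeholder, not a real NNTP command. */
static const char PLAINTEXT_READ[] = "STARTTLS\r\nEXAMPLE-COMMAND\r\n";

/* Toy model of a line-based server loop (an assumption, not INN's code).
 * Parses CRLF-terminated lines from a single cleartext read and returns how
 * many were handled after the session was marked TLS-protected. Non-zero
 * means pre-handshake bytes were trusted as if they arrived encrypted. */
int plaintext_lines_trusted_as_tls(const char *received, int discard_on_starttls)
{
    char buf[256];
    size_t len = strlen(received);
    size_t pos = 0;
    int tls_active = 0, trusted = 0;

    if (len >= sizeof(buf))
        return -1;                  /* sample too large for the toy buffer */
    memcpy(buf, received, len + 1);

    while (pos < len) {
        char *eol = strstr(buf + pos, "\r\n");
        if (eol == NULL)
            break;                  /* incomplete line: wait for more data */
        size_t line_len = (size_t)(eol - (buf + pos));

        if (tls_active) {
            trusted++;              /* handled as a TLS-protected command */
        } else if (line_len == 8 && strncmp(buf + pos, "STARTTLS", 8) == 0) {
            tls_active = 1;         /* the TLS handshake would run here */
            if (discard_on_starttls)
                len = 0;            /* hardened: drop all bytes read in cleartext */
        }
        pos += line_len + 2;
    }
    return trusted;
}

int main(void)
{
    printf("shared buffer kept:      %d line(s) trusted\n",
           plaintext_lines_trusted_as_tls(PLAINTEXT_READ, 0));
    printf("buffer discarded at TLS: %d line(s) trusted\n",
           plaintext_lines_trusted_as_tls(PLAINTEXT_READ, 1));
    return 0;
}
```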
There is no known workaround at this time.
All INN users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nntp/inn-2.5.3"
January 21, 2014
January 21, 2014: 1