Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@××××××××××××.org
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200503-24 ] LTris: Buffer overflow
Date: Sun, 20 Mar 2005 20:09:26
Message-Id: 200503202109.33710.jaervosz@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200503-24
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: LTris: Buffer overflow
9 Date: March 20, 2005
10 Bugs: #85770
11 ID: 200503-24
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 LTris is vulnerable to a buffer overflow which could lead to the
19 execution of arbitrary code.
20
21 Background
22 ==========
23
24 LTris is a Tetris clone.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 games-puzzle/ltris < 1.0.10 >= 1.0.10
33
34 Description
35 ===========
36
37 LTris is vulnerable to a buffer overflow when reading the global
38 highscores file.
39
40 Impact
41 ======
42
43 By modifying the global highscores file a malicious user could trick
44 another user to execute arbitrary code.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All LTris users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"
58
59 Availability
60 ============
61
62 This GLSA and any updates to it are available for viewing at
63 the Gentoo Security Website:
64
65 http://security.gentoo.org/glsa/glsa-200503-24.xml
66
67 Concerns?
68 =========
69
70 Security is a primary focus of Gentoo Linux and ensuring the
71 confidentiality and security of our users machines is of utmost
72 importance to us. Any security concerns should be addressed to
73 security@g.o or alternatively, you may file a bug at
74 http://bugs.gentoo.org.
75
76 License
77 =======
78
79 Copyright 2005 Gentoo Foundation, Inc; referenced text
80 belongs to its owner(s).
81
82 The contents of this document are licensed under the
83 Creative Commons - Attribution / Share Alike license.
84
85 http://creativecommons.org/licenses/by-sa/2.0
Report Message
Find on MARC Find on Google Groups