Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: lv (200305-07)
Date: Mon, 19 May 2003 07:24:17
Message-Id: 20030519071042.345EC3374D@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200305-07
6 - - - ---------------------------------------------------------------------
7
8 PACKAGE : lv
9 SUMMARY : arbitrary command execution
10 DATE : 2003-05-19 07:10 UTC
11 EXPLOIT : local
12 VERSIONS AFFECTED : <lv-4.49.5
13 FIXED VERSION : >=lv-4.49.5
14 CVE : CAN-2003-0188
15
16 - - - ---------------------------------------------------------------------
17
18 Previous versions of lv read the file .lv in the current directory.
19 Becuse this file could be created by other users and could contain
20 malicious commands to execute upon viewing certain files this is
21 considered a potential local root exploit.
22
23 SOLUTION
24
25 It is recommended that all Gentoo Linux users who are running
26 app-text/lv upgrade to lv-4.49.5 as follows
27
28 emerge sync
29 emerge lv
30 emerge clean
31
32 - - - ---------------------------------------------------------------------
33 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
34 nakano@g.o
35 - - - ---------------------------------------------------------------------
36 -----BEGIN PGP SIGNATURE-----
37 Version: GnuPG v1.2.2 (GNU/Linux)
38
39 iD8DBQE+yINxfT7nyhUpoZMRAvqqAJ9bt/LnN/GExeGVsye65ts1zN+lWgCdEvhA
40 CpJZVas9U0bmZ6iG0hQ5/9k=
41 =jRrn
42 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups