Gentoo Archives: gentoo-dev

From: Ferry Meyndert <m0rpheus@×××××××××××××.nu>
To: gentoo-dev@g.o, gentoo-user@g.o
Subject: [gentoo-dev] [GENTOO] [SECURITY] New imlib2 version to fix buffer overflow vulnerability
Date: Thu, 24 Jan 2002 14:24:19
Message-Id: 20020124212333.133a21f5.m0rpheus@poseidon.mine.nu
--------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
--------------------------------------------------------------------------

PACKAGE        :imlib2
SUMMARY        :A buffer overflow vulnerability  
DATE           :2002-01-24 21:00:00
VERSIONS       :Versions prior to Imlib2 1.0.5

--------------------------------------------------------------------------

OVERVIEW

 
A local user can trigger an overflow in the processing of the HOME environment 
variable and cause arbitrary code to be executed with 'utmp' group privileges.


DETAIL


This vulnerability can be exploited with programs that use imlib2 such as eterm.



SOLUTION

 
 It is recommended that all imlib2 users apply the update.

 Portage Auto:

 emerge rsync
 emerge update
 emerge update --world


 Portage by hand:

 emerge rsync
 emerge media-libs/imlib2

 Manually:

 Download the new package here and follow the instructions in the file:
 http://prdownloads.sourceforge.net/enlightenment/imlib2-1.0.5.tar.gz

--------------------------------------------------------------------------
Ferry Meyndert
m0rpheus@×××××××××××××.nu
--------------------------------------------------------------------------
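
Added example, not part of the original announcement and not imlib2's code or its 1.0.5 fix: a bounds-checked way for a C program to build a path from the HOME environment variable, the input named in the overview. The function names `build_home_path` and `home_path` and the file name `.example_cache` are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe general pattern (illustrative, not quoted from imlib2):
 *     char buf[4096];
 *     sprintf(buf, "%s/.example_cache", getenv("HOME"));
 * HOME is set by the local user, so its length is attacker-chosen. */

/* Build "<home>/<name>" into out[outlen].
 * Returns 0 on success; -1 with errno set if home is missing, not an
 * absolute path, or the joined path would not fit in the buffer. */
int build_home_path(char *out, size_t outlen, const char *home, const char *name)
{
    int n;

    if (out == NULL || outlen == 0 || name == NULL) {
        errno = EINVAL;
        return -1;
    }
    out[0] = '\0';
    if (home == NULL || home[0] != '/') {
        errno = EINVAL;
        return -1;
    }
    /* snprintf never writes past outlen and reports the length it needed. */
    n = snprintf(out, outlen, "%s/%s", home, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* refuse a truncated path instead of using it */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Wrapper that reads the real environment. */
int home_path(char *out, size_t outlen, const char *name)
{
    return build_home_path(out, outlen, getenv("HOME"), name);
}

int main(void)
{
    char path[4096];
    if (home_path(path, sizeof path, ".example_cache") != 0) {
        perror("home_path");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```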