1 |
- -------------------------------------------------------------------------- |
2 |
GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- -------------------------------------------------------------------------- |
4 |
|
5 |
PACKAGE :imlib2 |
6 |
SUMMARY :A buffer overflow vulnerability |
7 |
DATE :2002-01-24 21:00:00 |
8 |
VERSIONS :Versions prior too Imlib2 1.0.5 |
9 |
|
10 |
- -------------------------------------------------------------------------- |
11 |
|
12 |
OVERVIEW |
13 |
|
14 |
|
15 |
A local user can trigger an overflow in the processing of the HOME environment |
16 |
variable and cause arbitrary code to be executed with 'utmp' group privileges. |
17 |
|
18 |
|
19 |
DETAIL |
20 |
|
21 |
|
22 |
This vulnerability can be exploited with programs that use imlib2 such as eterm. |
23 |
|
24 |
|
25 |
|
26 |
SOLUTION |
27 |
|
28 |
|
29 |
It is recommended that all imlib2 users apply the update |
30 |
|
31 |
Portage Auto: |
32 |
|
33 |
emerge rsync |
34 |
emerge update |
35 |
emerge update --world |
36 |
|
37 |
|
38 |
Portage by hand: |
39 |
|
40 |
emerge rsync |
41 |
emerge media-libs/imlib2 |
42 |
|
43 |
Manually: |
44 |
|
45 |
Download the new at package here and follow in file instructions: |
46 |
http://prdownloads.sourceforge.net/enlightenment/imlib2-1.0.5.tar.gz |
47 |
|
48 |
- -------------------------------------------------------------------------- |
49 |
Ferry Meyndert |
50 |
m0rpheus@×××××××××××××.nu |
51 |
- -------------------------------------------------------------------------- |