Gentoo Full Text Bug Listing

Bug 120106 - x11-libs/libast: 0.7 fixes buffer overflow (CVE-2006-0224)

Bug#: 120106	Product: Gentoo Security	Version: unspecified	Platform: All
OS/Version: All	Status: RESOLVED	Severity: normal	Priority: P2
Resolution: FIXED	Assigned To: security@gentoo.org	Reported By: vapier@gentoo.org
Component: Vulnerabilities
URL: http://article.gmane.org/gmane.comp.window-managers.enlightenment.announce/9
Summary: x11-libs/libast: 0.7 fixes buffer overflow (CVE-2006-0224)
Keywords:
Status Whiteboard: C1 [glsa ] DerCorny
Opened: 2006-01-23 15:07 0000

Description:

Opened: 2006-01-23 15:07 0000

i'm pretty sure this doesnt affect anything in the portage tree (outside of
libast itself) ... Eterm for sure isnt setid anything

ive already added 0.7 to portage

Release Notes:
--------------

This release also contains a security fix for CVE-2006-0224, a buffer
overflow vulnerability discovered by Rosiello Security
(www.rosiello.org) which could lead to privilege escalation in
setuid/setgid applications using LibAST's configuration engine.  This
includes any platforms on which Eterm is setuid/setgid (e.g., setgid
utmp).  Thanks to Angelo Rosiello and his team for discovering this
issue and coordinating with me for the fix and release.

More details on the vulnerability are available at
http://www.rosiello.org/en/read_bugs.php?id=25

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-01-23 15:27:59 0000 -------

arches, pls test and mark stable, thx

... bah, this phrase is getting annoying, i need to find cool alternatives ...

------- Comment #2 From Markus Rothe 2006-01-23 22:36:16 0000 -------

stable on ppc64

------- Comment #3 From Tobias Scherbaum 2006-01-24 05:49:53 0000 -------

ppc stable

------- Comment #4 From René Nussbaumer 2006-01-24 06:28:17 0000 -------

Stable on hppa

------- Comment #5 From Gustavo Zacarias (RETIRED) 2006-01-24 07:34:01 0000 -------

sparc stable.

------- Comment #6 From Joshua Jackson 2006-01-24 23:23:20 0000 -------

stable on x86

------- Comment #7 From Luis Medinas (RETIRED) 2006-01-25 02:52:40 0000 -------

amd64 done

------- Comment #8 From Bryan Østergaard (RETIRED) 2006-01-25 13:41:43 0000 -------

Stable on alpha + ia64.

------- Comment #9 From Stefan Cornelius (RETIRED) 2006-01-25 13:44:05 0000 -------

ready for glsa

------- Comment #10 From Sune Kloppenborg Jeppesen 2006-01-29 06:59:25 0000 -------

GLSA 200601-14