Summary: | <media-sound/abcm2ps-5.9.13: getarena() heap-based buffer overflow (CVE-2010-{3441,4743,4744}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/40033/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2010-06-05 14:17:32 UTC
Sound: I see that we are several versions behind upstream and it's a leaf package. If you don't want to bump, please consider removal. CVE request: [oss-security] CVE Request -- Abcm2ps v5.9.12 -- multiple unspecified vulnerabilities (From: Jan Lieskovsky <jlieskov@redhat.com>= 20 Aug 2010; Samuli Suominen <ssuominen@gentoo.org> abcm2ps-5.9.15.ebuild: amd64 stable wrt #322859 *abcm2ps-5.9.15 (20 Aug 2010) 20 Aug 2010; Samuli Suominen <ssuominen@gentoo.org> +abcm2ps-5.9.15.ebuild: Version bump wrt #322859 by Alex Legler. x86 stable sparc stable all arch's done, add sound@ back if you need something -> GLSA Request filed. CVE-2010-3441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3441): Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line. CVE-2010-4744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4744): Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441. This issue was resolved and addressed in GLSA 201111-12 at http://security.gentoo.org/glsa/glsa-201111-12.xml by GLSA coordinator Alex Legler (a3li). |