Bug 120106 - x11-libs/libast: 0.7 fixes buffer overflow (CVE-2006-0224)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
: High normal
Assignee: Gentoo Security
URL: http://article.gmane.org/gmane.comp.w...
Whiteboard: C1 [glsa ] DerCorny
Reported: 2006-01-23 15:07 UTC by SpanKY
Modified: 2006-01-29 06:59 UTC
Description SpanKY gentoo-dev 2006-01-23 15:07:59 UTC
i'm pretty sure this doesn't affect anything in the portage tree (outside of libast itself) ... Eterm for sure isn't setid anything

i've already added 0.7 to portage

Release Notes:
--------------

This release also contains a security fix for CVE-2006-0224, a buffer
overflow vulnerability discovered by Rosiello Security
(www.rosiello.org) which could lead to privilege escalation in
setuid/setgid applications using LibAST's configuration engine.  This
includes any platforms on which Eterm is setuid/setgid (e.g., setgid
utmp).  Thanks to Angelo Rosiello and his team for discovering this
issue and coordinating with me for the fix and release.

More details on the vulnerability are available at
http://www.rosiello.org/en/read_bugs.php?id=25
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-23 15:27:59 UTC
arches, pls test and mark stable, thx

... bah, this phrase is getting annoying, i need to find cool alternatives ...
Comment 2 Markus Rothe (RETIRED) gentoo-dev 2006-01-23 22:36:16 UTC
stable on ppc64
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2006-01-24 05:49:53 UTC
ppc stable
Comment 4 René Nussbaumer (RETIRED) gentoo-dev 2006-01-24 06:28:17 UTC
Stable on hppa
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2006-01-24 07:34:01 UTC
sparc stable.
Comment 6 Joshua Jackson (RETIRED) gentoo-dev 2006-01-24 23:23:20 UTC
stable on x86
Comment 7 Luis Medinas (RETIRED) gentoo-dev 2006-01-25 02:52:40 UTC
amd64 done
Comment 8 Bryan Østergaard (RETIRED) gentoo-dev 2006-01-25 13:41:43 UTC
Stable on alpha + ia64.
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-25 13:44:05 UTC
ready for glsa
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-29 06:59:25 UTC
GLSA 200601-14