Date: Jan 22 2002 Impact: Execution of arbitrary code via local system, User access via local system Fix Available: Yes Vendor Confirmed: Yes Version(s): eterm 0.9.1-2; libimlib2 1.0.4-1 Description: A buffer overflow vulnerability was reported in the Eterm terminal emulator. A local user can obtain elevated privileges on the host. A local user can trigger an overflow in the processing of the HOME environment variable and cause arbitrary code to be executed with 'utmp' group privileges. It is reported that the buffer overflow may be in imlib2 rather than Eterm. Impact: A local user can execute arbitrary code on the host with 'utmp' group privileges to gain 'utmp' group privileges on the host. Solution: The vendor reports that Imlib2 1.0.5 has been released to fix this bug. The source tarball may be downloaded immediately from: renaming the ebuild worked for me.
commited