Bug 307

Summary: Important security Issue with imlib2 and eterm
Product: Gentoo Linux
Reporter: Ferry Meyndert <m0rpheus>
Component: [OLD] Library
Assignee: Geert Bevin <gbevin>
Status: RESOLVED FIXED    
Severity: trivial    
Priority: High    
Version: 1.0 RC6 r14   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Ferry Meyndert 2002-01-24 06:50:51 UTC
Date:  Jan 22 2002

Impact:  Execution of arbitrary code via local system, User access via local system

Fix Available:  Yes   Vendor Confirmed:  Yes  

Version(s): eterm 0.9.1-2; libimlib2 1.0.4-1

Description:  A buffer overflow vulnerability was reported in the Eterm terminal
emulator. A local user can obtain elevated privileges on the host.

A local user can trigger an overflow in the processing of the HOME environment
variable and cause arbitrary code to be executed with 'utmp' group privileges.
It is reported that the buffer overflow may be in imlib2 rather than Eterm.

Impact:  A local user can execute arbitrary code on the host with 'utmp' group
privileges to gain 'utmp' group privileges on the host.

Solution:  The vendor reports that Imlib2 1.0.5 has been released to fix this
bug. The source tarball may be downloaded immediately from:


renaming the ebuild worked for me.
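
The advisory quoted above describes an overflow while processing the HOME environment variable in a program that runs with 'utmp' group privileges. The following C example is added here for illustration and is not imlib2 or Eterm code, nor part of the original report; it shows bounded handling of that variable, and `build_home_path`, `CONF_PATH_MAX` and the `.example/config` suffix are hypothetical names chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CONF_PATH_MAX 256 /* constructed buffer size for this example */

/*
 * Generic unsafe pattern for this bug class (not taken from imlib2):
 *
 *     char path[CONF_PATH_MAX];
 *     sprintf(path, "%s/.example/config", getenv("HOME"));
 *
 * HOME is set by the calling user and has no length limit, so the copy
 * can run past the end of the fixed-size buffer.
 */

/*
 * Build "<home>/<suffix>" into out (capacity outlen, including the NUL).
 * Returns 0 on success. Returns -1 and leaves out empty when home is
 * missing, is not an absolute path, or the result would not fit.
 */
int build_home_path(const char *home, const char *suffix,
                    char *out, size_t outlen)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] != '/' || suffix == NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s", home, suffix);
    if (n < 0 || (size_t)n >= outlen) { /* truncated: reject, do not use */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[CONF_PATH_MAX];

    if (build_home_path(getenv("HOME"), ".example/config", path, sizeof path) != 0) {
        fprintf(stderr, "HOME unset, relative, or too long; skipping user config\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```

Rejecting a truncated result, rather than continuing with a shortened path, keeps a privileged program from opening a file other than the one it intended.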
Comment 1 Geert Bevin 2002-01-24 07:05:11 UTC
committed