| Summary: | media-video/ati-gatos CAN-2005-0016 Arbitrary code execution | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | lu_zero |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://www.securityfocus.com/archive/1/387412/2005-01-14/2005-01-20/0 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-01-17 09:43:39 UTC
Erik Sjölund discovered a buffer overflow in xatitv, one of the programs in the gatos package, that is used to display video with certain ATI video cards. xatitv is installed setuid root in order to gain direct access to the video hardware.

Lu_zero: I believe ati drivers are your walk in the park :). Mind taking a look at this one?

I can't find many references about xatitv. The gatos ebuild should just provide the driver. We don't even provide the suggested tcl/tk viewer AVview. Not sure if that advisory applies to us or is just Debian only. I'll do further research during the day.

I remember there was another issue in the Debian gatos package some time ago and we finally discovered that it didn't apply to us (not same sources, no xatitv on our side). I remember fetching the Debian package source to check... So please double-check that we were right last time to drop it, in which case we'll drop it again.

Does not apply to us, much like the old DSA-509-1