Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 177512 - www-client/elinks Untrusted search path (CVE-2007-2027)
Summary: www-client/elinks Untrusted search path (CVE-2007-2027)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa] jaervosz
: 177777 (view as bug list)
Depends on:
Reported: 2007-05-07 16:13 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-06-28 06:22 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-07 16:13:22 UTC
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 adds "../po" to the search path for .po files, which might allow local users to cause Elinks to use an untrusted gettext message catalog, which can be leveraged to conduct format string attacks.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-05-09 11:48:02 UTC
*** Bug 177777 has been marked as a duplicate of this bug. ***
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-19 22:41:17 UTC
spock please advise.
Comment 3 Michal Januszewski (RETIRED) gentoo-dev 2007-05-21 17:24:02 UTC
This is now fixed in CVS thanks to a patch pulled from the elinks GIT tree.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-21 18:30:57 UTC
Thx Micheal. 

Could you make a revbump of the latest stable so users can use glsa-check to upgrade and arches have a chance to test?
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-21 18:46:15 UTC
Woops didn't mean to CC arches already. Sorry for the noise.
Comment 6 Michal Januszewski (RETIRED) gentoo-dev 2007-05-21 21:00:09 UTC
Done, 0.11.2-r1 is in CVS now.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-31 09:44:03 UTC
Jaervosz, seems it's ok for calling arches this time :)
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-06-01 05:54:27 UTC
Thx for the reminder:-)

Arches please test and mark stable. Target keywords are:

elinks-0.11.2-r1.ebuild:KEYWORDS="alpha amd64 hppa mips ppc ppc64 sparc x86 ~x86-fbsd"
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2007-06-01 12:36:08 UTC
alpha/x86 stable
Comment 10 Peter Weller (RETIRED) gentoo-dev 2007-06-01 12:45:43 UTC
amd64 done
Comment 11 Gustavo Zacarias (RETIRED) gentoo-dev 2007-06-01 13:27:11 UTC
sparc stable.
Comment 12 Brent Baude (RETIRED) gentoo-dev 2007-06-01 14:49:42 UTC
ppc64 stable
Comment 13 Jeroen Roovers (RETIRED) gentoo-dev 2007-06-01 16:12:19 UTC
Stable for HPPA.
Comment 14 René Nussbaumer (RETIRED) gentoo-dev 2007-06-02 20:09:19 UTC
stable on ppc
Comment 15 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-06-07 21:30:56 UTC
GLS 200706-03, thanks everybody!

mips don't forget to mark stable to befenit from the glsa
Comment 16 Joshua Kinard gentoo-dev 2007-06-28 06:22:11 UTC
mips stable.