Bugtraq mailing list archives
[ GLSA 200503-13 ] mlterm: Integer overflow vulnerability
From: Luke Macken <lewk () gentoo org>
Date: Mon, 7 Mar 2005 11:42:05 -0500
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200503-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: mlterm: Integer overflow vulnerability Date: March 07, 2005 Bugs: #84174 ID: 200503-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== mlterm is vulnerable to an integer overflow, which could potentially allow the execution of arbitrary code. Background ========== mlterm is a multi-lingual terminal emulator. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 x11-terms/mlterm < 2.9.2 >= 2.9.2 Description =========== mlterm is vulnerable to an integer overflow that can be triggered by specifying a large image file as a background. This only effects users that have compiled mlterm with the 'gtk' USE flag, which enables gdk-pixbuf support. Impact ====== An attacker can create a specially-crafted image file which, when used as a background by the victim, can lead to the execution of arbitrary code with the privileges of the user running mlterm. Workaround ========== Re-compile mlterm without the 'gtk' USE flag. Resolution ========== All mlterm users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-terms/mlterm-2.9.2" References ========== [ 1 ] mlterm ChangeLog https://sourceforge.net/project/shownotes.php?release_id=310416 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200503-13.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0
Attachment:
_bin
Description:
Current thread:
- [ GLSA 200503-13 ] mlterm: Integer overflow vulnerability Luke Macken (Mar 07)