Posted: Tue Nov 21, 2006 5:26 pm
Post subject: [ GLSA 200611-16 ] Texinfo: Buffer overflow
Gentoo Linux Security Advisory
Title: Texinfo: Buffer overflow (GLSA 200611-16)
Date: November 21, 2006
Texinfo is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.
Texinfo is the official documentation system of the GNU project.
Vulnerable: < 4.8-r5
Unaffected: >= 4.8-r5
Architectures: All supported architectures
Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline()" function of texindex.c. The "readline()" function is called by the texi2dvi and texindex commands.
By enticing a user to open a specially crafted Texinfo file, an attacker could execute arbitrary code with the rights of the user running Texinfo.
There is no known workaround at this time.
All Texinfo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/texinfo-4.8-r5"
Last edited by GLSA on Tue Jul 01, 2008 4:18 am; edited 2 times in total
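To audit hosts against the affected range above (vulnerable below 4.8-r5), the following is an added example, not part of the original advisory or of Portage. The function names are hypothetical, the version comparison is a simplification that covers only dotted numeric versions with an optional -rN revision, and /var/db/pkg is assumed to be the installed-package database location.

```shell
#!/bin/sh
# Added example: flag sys-apps/texinfo versions affected by GLSA 200611-16.
# Assumption: dotted numeric versions with optional -rN revision only;
# Portage's full version grammar (_alpha/_p suffixes, letters) is not handled.
FIXED="4.8-r5"   # first unaffected version, taken from the advisory

# ver_lt A B: status 0 if A < B, 1 if A >= B, 2 if either is unparseable
ver_lt() {
    for v in "$1" "$2"; do
        printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$' || return 2
    done
    a_base=${1%-r*}; b_base=${2%-r*}
    a_rev=0; b_rev=0
    case "$1" in *-r*) a_rev=${1##*-r} ;; esac
    case "$2" in *-r*) b_rev=${2##*-r} ;; esac
    # Walk the dotted components left to right, comparing numerically.
    while [ -n "$a_base" ] && [ -n "$b_base" ]; do
        a=${a_base%%.*}; b=${b_base%%.*}
        case "$a_base" in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case "$b_base" in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    # Equal prefix: the version with extra components is the newer one.
    [ -z "$a_base" ] && [ -n "$b_base" ] && return 0
    [ -n "$a_base" ] && return 1
    # Same base version: the ebuild revision decides.
    [ "$a_rev" -lt "$b_rev" ]
}

# texinfo_status VERSION: prints VULNERABLE, UNAFFECTED or UNKNOWN
texinfo_status() {
    rc=0; ver_lt "$1" "$FIXED" || rc=$?
    case $rc in
        0) echo VULNERABLE ;;
        1) echo UNAFFECTED ;;
        *) echo UNKNOWN ;;
    esac
}

# Stand-alone use: check the versions given as arguments, else scan /var/db/pkg.
if [ "$#" -gt 0 ]; then
    for ver in "$@"; do echo "texinfo-$ver: $(texinfo_status "$ver")"; done
else
    for d in /var/db/pkg/sys-apps/texinfo-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/texinfo-}
        echo "texinfo-$ver: $(texinfo_status "$ver")"
    done
fi
```

A version string the simplified parser cannot read is reported as UNKNOWN rather than guessed, so such hosts should be checked by hand.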