blob: 7c58343a2fddf1de7e6a93efbde77961659fe087 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200503-23">
<title>rxvt-unicode: Buffer overflow</title>
rxvt-unicode is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.
<product type="ebuild">rxvt-unicode</product>
<announced>March 20, 2005</announced>
<revised>March 20, 2005: 01</revised>
<package name="x11-terms/rxvt-unicode" auto="yes" arch="*">
<unaffected range="ge">5.3</unaffected>
<unaffected range="lt">4.8</unaffected>
<vulnerable range="lt">5.3</vulnerable>
rxvt-unicode is a clone of the well known terminal emulator rxvt.
Rob Holland of the Gentoo Linux Security Audit Team discovered
that rxvt-unicode fails to properly check input length.
<impact type="normal">
Successful exploitation would allow an attacker to execute
arbitrary code with the permissions of the user running rxvt-unicode.
There is no known workaround at this time.
All rxvt-unicode users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=x11-terms/rxvt-unicode-5.3&quot;</code>
<uri link="">CAN-2005-0764</uri>
<metadata tag="requester" timestamp="Tue, 15 Mar 2005 14:52:07 +0000">
<metadata tag="bugReady" timestamp="Tue, 15 Mar 2005 23:51:13 +0000">
<metadata tag="submitter" timestamp="Sun, 20 Mar 2005 16:52:52 +0000">