[Frugalware-security] [ FSA-95 ] libgtop

voroskoi noreply at frugalware.org
Tue Jan 16 11:27:59 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-95

Date: 2007-01-16
Package: libgtop
Vulnerable versions: <= 2.14.3-1
Unaffected versions: >= 2.14.3-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1626
CVE: There is no CVE for this issue, see: http://secunia.com/advisories/23736

Description
===========

Liu Qishuai has reported a vulnerability in libgtop2, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to a boundary error within the &quot;glibtop_get_proc_map_s()&quot; function in sysdeps/linux/procmap.c. This can be exploited to cause a stack-based buffer overflow by running a process with a specially crafted long path and tricking a victim into running an application using the library (e.g. gnome-system-monitor).

Updated Packages
================

Check if you have libgtop installed:

	# pacman -Q libgtop

If found, then you should upgrade to the latest version:

	# pacman -Sy libgtop

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFrKivZ7NElSD1VhkRAp+QAKCmfr25iJgHunbeUEaOmvptTNZ14wCfbDP/
x30dZScvmbZrqduBZVbzGMA=
=zsrG
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list