[Frugalware-security] [ FSA-360 ] ruby-gnome2
noreply at frugalware.org
Wed Jan 23 20:59:43 CET 2008
Frugalware Security Advisory FSA-360
Vulnerable versions: <= 0.16.0-3
Unaffected versions: >= 0.16.0-4sayshell1
Related bugreport: http://bugs.frugalware.org/task/2650
Chris Rohlf has reported a vulnerability in Ruby-GNOME2, which can potentially be exploited by malicious people to compromise an application using the library.
The vulnerability is caused by a format string error within the "Gtk::MessageDialog.new()" method in gtk/src/rbgtkmessagedialog.c and can potentially be exploited to execute arbitrary code when a specially crafted string is passed to the affected function.
NOTE: Exploitation and impact of this vulnerability depend on how an application uses the affected function of the vulnerable library.
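The bug class described above, as an added example that is not part of the advisory or of Ruby-GNOME2's code: `dialog_text` is a hypothetical stand-in for a printf-style C API, and the sample message is constructed. It contrasts caller text used as the format string with the same text passed as data through a constant "%s" format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style C API (for example a dialog
 * constructor that builds its text from a format string and arguments). */
static int dialog_text(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: caller-supplied text becomes the format string. */
static int make_dialog_unsafe(char *out, size_t n, const char *message)
{
    return dialog_text(out, n, message);
}

/* Hardened pattern: constant format, message passed only as data. */
static int make_dialog_safe(char *out, size_t n, const char *message)
{
    return dialog_text(out, n, "%s", message);
}

/* Audit helper: 1 if text holds a '%' that is not the literal "%%". */
static int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *msg = "Disk usage: 100%% of quota"; /* constructed input */
    char a[64], b[64];
    make_dialog_unsafe(a, sizeof a, msg);
    make_dialog_safe(b, sizeof b, msg);
    /* "%%" is a directive with no argument, so this stays well defined. */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    printf("directive in \"%%s\": %d\n", has_format_directive("%s"));
    return 0;
}
```

Declaring such a wrapper with GCC's `format(printf, ...)` attribute lets `-Wformat-security` flag the unsafe call at compile time.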
Check if you have ruby-gnome2 installed:
# pacman-g2 -Q ruby-gnome2
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy ruby-gnome2