[Frugalware-security] [ FSA-360 ] ruby-gnome2

voroskoi noreply at frugalware.org
Wed Jan 23 20:59:43 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-360

Date: 2008-01-23
Package: ruby-gnome2
Vulnerable versions: <= 0.16.0-3
Unaffected versions: >= 0.16.0-4sayshell1
Related bugreport: http://bugs.frugalware.org/task/2650
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6183

Description
===========

Chris Rohlf has reported a vulnerability in Ruby-GNOME2, which can potentially be exploited by malicious people to compromise an application using the library.
The vulnerability is caused by a format string error within the "Gtk::MessageDialog.new()" method in gtk/src/rbgtkmessagedialog.c and can potentially be exploited to execute arbitrary code when a specially crafted string is passed to the affected function.
NOTE: Exploitation and impact of this vulnerability depend on how an application uses the affected function of the vulnerable library.

Updated Packages
================

Check if you have ruby-gnome2 installed:

	# pacman-g2 -Q ruby-gnome2

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy ruby-gnome2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHl5yuZ7NElSD1VhkRAuR6AKCYR84Pmwu8PbBOCaOjhWV2zu5WCQCfRgth
WJJG4mIeQaMnndSbr6RPhV8=
=kWhd
-----END PGP SIGNATURE-----
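
The bug class named in the advisory, shown as an added example; this is not code from ruby-gnome2 or from the advisory. `show_message` is a hypothetical stand-in for a printf-style dialog constructor such as GTK's `gtk_message_dialog_new()`, and `dialog_vulnerable`, `dialog_fixed` and `count_conversions` are illustrative names. The sample text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style dialog constructor: the last
 * fixed parameter is a format string, the remaining arguments are
 * consumed according to it. */
static int show_message(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: caller-supplied text is used AS the format string, so
 * any conversion in it reads arguments that were never passed (undefined). */
int dialog_vulnerable(char *out, size_t n, const char *text)
{
    return show_message(out, n, text);
}

/* Hardened pattern: constant format string, text passed as data. */
int dialog_fixed(char *out, size_t n, const char *text)
{
    return show_message(out, n, "%s", text);
}

/* Audit helper: count '%' that start a conversion ("%%" is a literal). */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *text = "Disk 100% full: %s %x";  /* constructed sample */
    dialog_fixed(buf, sizeof buf, text);
    printf("conversions=%d shown=\"%s\"\n", count_conversions(text), buf);
    return 0;
}
```

Note that "100% full" counts as a conversion too: `% f` is a valid printf directive (space flag, `f` conversion), which is why ordinary text can trigger the bug without any hostile intent.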

