[Frugalware-security] [ FSA-60 ] fvwm-devel

voroskoi noreply at frugalware.org
Tue Nov 28 22:51:14 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-60

Date: 2006-11-28
Package: fvwm-devel
Vulnerable versions: <= 2.5.17-1
Unaffected versions: >= 2.5.17-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1485
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5969

Description
===========

Tavis Ormandy has reported a security issue in FVWM, which can be exploited by malicious, local users to bypass certain security restrictions.
The security issue is caused by an input validation error in the "evalFolderLine()" function. This can be exploited to execute arbitrary commands by tricking a user into using the "fvwm-menu-directory" command on a specially crafted directory.

Updated Packages
================

Check if you have fvwm-devel installed:

	# pacman -Q fvwm-devel

If found, then you should upgrade to the latest version:

	# pacman -Sy fvwm-devel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFbK9SZ7NElSD1VhkRAgTxAJ4xaQ3yTizxDOGR9ZHot4FbEQcrSACgmmkA
8bw5fRce8uAy9V9MRxDw/mQ=
=Dx11
-----END PGP SIGNATURE-----

