[42483] in bugtraq
LibAST 0.7 Release Fixes Security Vulnerability
daemon@ATHENA.MIT.EDU (Michael Jennings)
Sat Jan 28 12:45:58 2006
Date: Mon, 23 Jan 2006 14:53:10 -0500
From: Michael Jennings <mej@eterm.org>
To: E Announcment List <enlightenment-announce@lists.sourceforge.net>
Cc: vapier@gentoo.org, ljlane@gmail.com, bugtraq@securityfocus.com
Message-ID: <20060123195310.GI18299@kainx.org>
Mail-Followup-To: E Announcment List <enlightenment-announce@lists.sourceforge.net>,
vapier@gentoo.org, ljlane@gmail.com, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
I am pleased to announce the release of LibAST 0.7. The release
summary is below. Please note that this release contains an important
security fix; all users of LibAST are STRONGLY encouraged to update to
this latest version immediately.
The latest version can be obtained in source, RPM, and SRPM forms at:
http://www.eterm.org/download/
Release Notes:
--------------
The string class is now both an interface and an implementation so
that parallel implementations (e.g., a gstring wrapper) can be
created. Detection of Imlib2 support, and a pixmap leak when it
was disabled, were fixed. Also some fixes for gcc4 and newer
autotools have been included.
This release also contains a security fix for CVE-2006-0224, a buffer
overflow vulnerability discovered by Rosiello Security
(www.rosiello.org) which could lead to privilege escalation in
setuid/setgid applications using LibAST's configuration engine. This
includes any platforms on which Eterm is setuid/setgid (e.g., setgid
utmp). Thanks to Angelo Rosiello and his team for discovering this
issue and coordinating with me for the fix and release.
More details on the vulnerability are available at
http://www.rosiello.org/en/read_bugs.php?id=25
Michael
--
Michael Jennings (a.k.a. KainX) http://www.kainx.org/ <mej@kainx.org>
n + 1, Inc., http://www.nplus1.net/ Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
"Don't risk more than you can afford to walk away without."
-- Rule of Life #39
