GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Jul 30, 2005 7:33 pm Post subject: [ GLSA 200507-28 ] AMD64 x86 emulation base libraries: Buffe |
|
|
Gentoo Linux Security Advisory
Title: AMD64 x86 emulation base libraries: Buffer overflow (GLSA 200507-28)
Severity: high
Exploitable: remote
Date: July 30, 2005
Updated: August 02, 2005
Bug(s): #100686
ID: 200507-28
Synopsis
The x86 emulation base libraries for AMD64 contain a vulnerable version of
zlib which could potentially lead to execution of arbitrary code.
Background
The x86 emulation base libraries for AMD64 emulate the x86 (32-bit)
architecture on the AMD64 (64-bit) architecture.
Affected Packages
Package: app-emulation/emul-linux-x86-baselibs
Vulnerable: < 2.1.2
Unaffected: >= 2.1.2
Architectures: AMD64
Description
Earlier versions of emul-linux-x86-baselibs contain a vulnerable
version of zlib, which may lead to a buffer overflow.
Impact
By creating a specially crafted compressed data stream, attackers can
overwrite data structures for applications that use the x86 emulation
base libraries for AMD64, resulting in a Denial of Service and
potentially arbitrary code execution.
Workaround
There is no known workaround at this time.
Resolution
All AMD64 x86 emulation base libraries users should upgrade to the
latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-baselibs |
References
GLSA 200507-05
GLSA 200507-19
CAN-2005-1849
CAN-2005-2096
Last edited by GLSA on Mon Jun 10, 2013 4:20 am; edited 4 times in total |
|