drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libcaca
| Name: |
Ausführen beliebiger Kommandos in libcaca |
|
| ID: |
202402-19 |
|
| Distribution: |
Gentoo |
|
| Plattformen: |
Keine Angabe |
|
| Datum: |
So, 18. Februar 2024, 21:03 |
|
| Referenzen: |
https://nvd.nist.gov/vuln/detail/CVE-2021-3410 |
|
| Applikationen: |
libcaca |
|
Originalnachricht |
--===============1599259012310455446==
Content-Type: text/plain; charset="utf-8"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libcaca: Arbitary Code Execution
Date: February 18, 2024
Bugs: #772317
ID: 202402-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been discovered in libcaca which can lead to
arbitrary code execution.
Background
==========
libcaca is a library that creates colored ASCII-art graphics.
Affected packages
=================
Package Vulnerable Unaffected
------------------ ---------------- -----------------
media-libs/libcaca < 0.99_beta19-r4 >= 0.99_beta19-r4
Description
===========
A vulnerability has been discovered in libcaca. Please review the CVE
identifier referenced below for details.
Impact
======
A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c
may lead to local execution of arbitrary code in the user context.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libcaca users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/libcaca-0.99_beta19-r4"
References
==========
[ 1 ] CVE-2021-3410
https://nvd.nist.gov/vuln/detail/CVE-2021-3410
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202402-19
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
--===============1599259012310455446==
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmXR2oIACgkQFMQkOaVy
+9lm7hAAmU9DBxs6SDER4JqFzF9pfMZa6xNrjabYjed5o+qczzogF/6/8ulXw7IW
+Nwaz8lNclnptfyNePtf5jwj/4y4tI3ZIvXKZ3hR3iCeaUTr0ddBrPYlF6xH3z1j
li1QrMoiMxO40xc6MBFfiTjnjyQ0P+I4iZi0EdRvAoXK0d/El68CAMTbbmnwdxFZ
Ho8bKfy5b90EJTvok55EYXjlDESlcZ1PGjeD+PVUFh4YvaTeBGVtK0VfDwFC8yNk
vOf7DQ4Ie0ED3XgkYz5bUfS4QkvBK7OcmSWRcw2MaLoGKrvguYcDQ+u2W+BgWd0X
0USU0bwfwVu5f4FQgof6ktnDh6M+62Ao8gxjVFKTu5A6Or4/D0Co7LxDNr1r7iiP
njMrG4/TqPK9wR6QWOQaJECzpn2QltMNyhEeC+/DpWZO54HgfyUoEk7pUJaLvlhl
TJ3Eszr/0yHen8GEVdLFtxSJTVShxszMSJdrqJy9Bw+reqn73uNl0iXWzhKpGwo8
eXc9kDW6aXU0dDiRtn7iOtLTukhV6GoGdfwB4kzZLIYcQLUIyyRWa26lpWoYLA4e
woAUYc/o9Dg1E/GDIhzGxOmwR4aM9Uvq6917fhEumHbEGEiTwZaZYO6CzlRKS4hO
92SuamcGO0aPXy+3leaA2F3pTK2kI8TEdS8g0GnhJBoPywfErNo=
=usSD
-----END PGP SIGNATURE-----
--===============1599259012310455446==--
|
|
|
|
