lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20060123195310.GI18299@kainx.org>
Date: Mon, 23 Jan 2006 14:53:10 -0500
From: Michael Jennings <mej@...rm.org>
To: E Announcment List <enlightenment-announce@...ts.sourceforge.net>
Cc: vapier@...too.org, ljlane@...il.com, bugtraq@...urityfocus.com
Subject: LibAST 0.7 Release Fixes Security Vulnerability


I am pleased to announce the release of LibAST 0.7.  The release
summary is below.  Please note that this release contains an important
security fix; all users of LibAST are STRONGLY encouraged to update to
this latest version immediately.

The latest version can be obtained in source, RPM, and SRPM forms at:
http://www.eterm.org/download/

Release Notes:
--------------

The string class is now both an interface and an implementation so
that parallel implementations (e.g., a gstring wrapper) can be
created.  Detection of Imlib2 support, and a pixmap leak when it
was disabled, were fixed.  Also some fixes for gcc4 and newer
autotools have been included.

This release also contains a security fix for CVE-2006-0224, a buffer
overflow vulnerability discovered by Rosiello Security
(www.rosiello.org) which could lead to privilege escalation in
setuid/setgid applications using LibAST's configuration engine.  This
includes any platforms on which Eterm is setuid/setgid (e.g., setgid
utmp).  Thanks to Angelo Rosiello and his team for discovering this
issue and coordinating with me for the fix and release.

More details on the vulnerability are available at
http://www.rosiello.org/en/read_bugs.php?id=25

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej@...nx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "Don't risk more than you can afford to walk away without."
                                                   -- Rule of Life #39


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ