Navigation
|
|
| Problem Description |
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1
and earlier, as used in Eterm and possibly other software, allows
local users to execute arbitrary code as the utmp user via a long -X
argument.
The updated packages have been patched to correct this issue.
| Updated Packages |
Mandriva Linux 2006
bf46177b085a67b202f18b755e34ce60 2006.0/RPMS/libast2-0.6.1-2.1.20060mdk.i586.rpm 16fb69d856d3e877606e8551c359f80c 2006.0/RPMS/libast2-devel-0.6.1-2.1.20060mdk.i586.rpm cc286e5022b221bc91179ac18e39f22b 2006.0/SRPMS/libast-0.6.1-2.1.20060mdk.src.rpm
Mandriva Linux 2006/X86_64
63ecae854470eed332836e1ccd231fd0 x86_64/2006.0/RPMS/lib64ast2-0.6.1-2.1.20060mdk.x86_64.rpm 03cba4d84d22a70711e096bab7db33f4 x86_64/2006.0/RPMS/lib64ast2-devel-0.6.1-2.1.20060mdk.x86_64.rpm cc286e5022b221bc91179ac18e39f22b x86_64/2006.0/SRPMS/libast-0.6.1-2.1.20060mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0224
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.