GLSA Advocate
Posted: Mon Jun 27, 2016 1:26 am Post subject: [ glsa 201606-16 ] plib
Gentoo Linux Security Advisory
Title: PLIB: Buffer overflow vulnerability (GLSA 201606-16)
Severity: normal
Exploitable: remote
Date: June 26, 2016
Bug(s): #395553
ID: 201606-16
Synopsis
A buffer overflow in PLIB might allow remote attackers to execute
arbitrary code.
Background
PLIB includes sound effects, music, a complete 3D engine, font
rendering, a simple Windowing library, a game scripting language, a GUI,
networking, 3D math library and a collection of handy utility functions.
Affected Packages
Package: media-libs/plib
Vulnerable: < 1.8.5-r1
Unaffected: >= 1.8.5-r1
Architectures: All supported architectures
Description
A buffer overflow in PLIB allows user-assisted remote attackers to
execute arbitrary code via vectors involving a long error message, as
demonstrated by a crafted acc file for TORCS.
Impact
Remote attackers could execute arbitrary code with the privileges of the
process.
Workaround
There is no known workaround at this time.
Resolution
All PLIB users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --verbose --oneshot ">=media-libs/plib-1.8.5-r1"
References
CVE-2011-4620
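One common way a long error message overflows a buffer is formatting untrusted text into a fixed-size array with no length bound. The C sketch below is an added illustration of that bug class beside a bounded replacement; it is not PLIB's code or part of the advisory, and the function names, the 1024-byte buffer and the sample message are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERR_BUF_SIZE 1024            /* assumed size, chosen for illustration */
static char err_buf[ERR_BUF_SIZE];   /* fixed buffer holding the last error text */

/* "Before": vsprintf() has no length bound, so a message longer than
 * err_buf is written past its end. Shown for contrast, never called here. */
void set_error_unbounded(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(err_buf, fmt, ap);
    va_end(ap);
}

/* "After": returns 0 if the message fit, 1 if truncated, -1 on format error. */
int set_error_bounded(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(err_buf, sizeof err_buf, fmt, ap);
    va_end(ap);
    if (n < 0) { err_buf[0] = '\0'; return -1; }
    if ((size_t)n >= sizeof err_buf) {
        memcpy(err_buf + sizeof err_buf - 4, "...", 4);  /* marker plus NUL */
        return 1;
    }
    return 0;
}

/* Constructed input: an error that embeds a name of `len` bytes, standing in
 * for a string taken from an untrusted file. */
int report_bad_name(size_t len)
{
    static char name[8192];
    if (len >= sizeof name) len = sizeof name - 1;
    memset(name, 'A', len);
    name[len] = '\0';
    return set_error_bounded("cannot load '%s'", name);
}

int main(void)
{
    int rc = report_bad_name(4000);
    printf("truncated=%d, kept %zu bytes\n", rc, strlen(err_buf));
    return 0;
}
```

The return value lets the caller log or reject oversized input instead of silently accepting a clipped message.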