Full Disclosure mailing list archives

rPSA-2006-0219-1 info install-info texinfo

From: rPath Update Announcements <announce-noreply () rpath com>
Date: Mon, 27 Nov 2006 10:44:06 -0500

rPath Security Advisory: 2006-0219-1
Published: 2006-11-27
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
    install-info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
    texinfo=/conary.rpath.com@rpl:devel//1/4.8-6.2-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
    https://issues.rpath.com/browse/RPL-810

Description:
    Previous versions of the texinfo package can be caused to execute
    arbitrary code contained in an intentionally malformed texinfo
    file.  These texinfo commands are often run automatically when
    building software packages.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

rPSA-2006-0219-1 info install-info texinfo rPath Update Announcements (Nov 27)