1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200611-16 / texinfo |
| Release Date | November 21, 2006 |
| Latest Revision | November 21, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| sys-apps/texinfo | < 4.8-r5 | >= 4.8-r5 | All supported architectures |
Related bugreports: #154316
Texinfo is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.
Texinfo is the official documentation system of the GNU project.
Miloslav Trmac from Red Hat discovered a buffer overflow in the "readline()" function of texindex.c. The "readline()" function is called by the texi2dvi and texindex commands.
By enticing a user to open a specially crafted Texinfo file, an attacker could execute arbitrary code with the rights of the user running Texinfo.
There is no known workaround at this time.
All Texinfo users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/texinfo-4.8-r5" |