GLSA: bladeenc

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 02/05/03

  • Next message: Bjornar B. Larsen: "RE: Opera: What's Next (GM#005-OP)"
    From: Daniel Ahlberg <aliz@gentoo.org>
    Date: Wed, 5 Feb 2003 13:55:45 +0100
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - --------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200302-04
    - - --------------------------------------------------------------------

    PACKAGE : bladeenc
    SUMMARY : arbitrary code execution
    DATE : 2003-02-05 12:55 UTC
    EXPLOIT : local

    - - --------------------------------------------------------------------

    - From advisory:

    "A wave file let the attacker to execute all the code he want on the
    victim"
     
    Read the full advisory at:
    http://www.pivx.com/luigi/adv/blade942-adv.txt

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    media-sound/bladeenc upgrade to bladeenc-0.94.2-r1 as follows:

    emerge sync
    emerge -u bladeenc
    emerge clean

    - - --------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
    styx@gentoo.org
    - - --------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+QQnMfT7nyhUpoZMRAj4gAKCysKGdI94DM7FfPu24xfxjhPPNSgCgowXK
    b+MxfjWXGIiJs2VVyA848RM=
    =Z9lw
    -----END PGP SIGNATURE-----