Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200611-16] Texinfo: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
Texinfo: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200611-16
(Texinfo: Buffer overflow)
Miloslav Trmac from Red Hat discovered a buffer overflow in the
"readline()" function of texindex.c. The "readline()" function is
called by the texi2dvi and texindex commands.
By enticing a user to open a specially crafted Texinfo file, an
attacker could execute arbitrary code with the rights of the user
There is no known workaround at this time.
All Texinfo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/texinfo-4.8-r5"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.