GLSA-200611-16 : Texinfo: Buffer overflow
Medium Nessus Plugin ID 23710
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200611-16 (Texinfo: Buffer overflow).
Miloslav Trmac from Red Hat discovered a buffer overflow in the 'readline()' function of texindex.c. The 'readline()' function is called by the texi2dvi and texindex commands.
By enticing a user to open a specially crafted Texinfo file, an attacker could execute arbitrary code with the rights of the user running Texinfo.
There is no known workaround at this time.
Solution
All Texinfo users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=sys-apps/texinfo-4.8-r5'