Joined: 12 May 2004
|Posted: Sat Aug 08, 2020 4:26 am Post subject: [ glsa 202008-02 ] gnu global
|Gentoo Linux Security Advisory
Title: GNU GLOBAL: Arbitrary code execution (GLSA 202008-02)
A vulnerability in GNU GLOBAL was discovered, possibly allowing
remote attackers to execute arbitrary code.
GNU GLOBAL is a source code tagging system that works the same way
across diverse environments, such as Emacs editor, Vi editor, Less
viewer, Bash shell, various web browsers, etc.
Vulnerable: < 6.6.4
Unaffected: >= 6.6.4
Architectures: All supported architectures
A vulnerability was found in an undocumented function of gozilla.
A remote attacker could entice a user to open a specially crafted URL
using GNU GLOBAL, possibly resulting in execution of arbitrary code with
the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All GNU GLOBAL users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/global-6.6.4"