LTris: Buffer overflow — GLSA 200503-24

LTris is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.

Affected Packages

games-puzzle/ltris on all architectures
Affected versions < 1.0.10
Unaffected versions >= 1.0.10

Background

LTris is a Tetris clone.

Description

LTris is vulnerable to a buffer overflow when reading the global highscores file.

Impact

By modifying the global highscores file a malicious user could trick another user to execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All LTris users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"

References

Release Date
March 20, 2005

Latest Revision
March 20, 2005: 01

Severity
normal

Exploitable
local

Bugzilla entries