SPE files are installed with world-writeable permissions, potentially leading to privilege escalation.
|Package||dev-util/spe on all architectures|
|Affected versions||< 0.7.5c-r1|
|Unaffected versions||>= 0.7.5c-r1, revision >= 0.5.1f-r1|
SPE is a cross-platform Python Integrated Development Environment (IDE).
It was reported that due to an oversight all SPE's files are set as world-writeable.
A local attacker could modify the executable files, causing arbitrary code to be executed with the permissions of the user running SPE.
There is no known workaround at this time.
All SPE users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose dev-util/spe
October 15, 2005
May 22, 2006: 02