AMD64 x86 emulation base libraries: Buffer overflow — GLSA 200507-28

The x86 emulation base libraries for AMD64 contain a vulnerable version of zlib which could potentially lead to execution of arbitrary code.

Affected packages

app-emulation/emul-linux-x86-baselibs on the amd64 architecture
Affected versions < 2.1.2
Unaffected versions >= 2.1.2

Background

The x86 emulation base libraries for AMD64 emulate the x86 (32-bit) architecture on the AMD64 (64-bit) architecture.

Description

Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow.

Impact

By creating a specially crafted compressed data stream, attackers can overwrite data structures for applications that use the x86 emulation base libraries for AMD64, resulting in a Denial of Service and potentially arbitrary code execution.

Workaround

There is no known workaround at this time.

Resolution

All AMD64 x86 emulation base libraries users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose app-emulation/emul-linux-x86-baselibs

References

Release date
July 30, 2005

Latest revision
August 02, 2005: 02

Severity
high

Exploitable
remote

Bugzilla entries