CVE-2007-6183

Name of the Vulnerable Software and Affected Versions Ruby-GNOME 2 versions 0.16.0 and SVN versions before 20071127 libgconf2-ruby (affected versions not specified) libgstreamer0.8-ruby (affected versions not specified) libgnome2-ruby (affected versions not specified) libvte-ruby (affected versions not specified) liblink-grammar4-dev (affected versions not specified) libgnomevfs2-ruby (affected versions not specified) libgnomecanvas2-ruby (affected versions not specified) libgnomeprintui2-ruby (affected versions not specified) libgda2-ruby (affected versions not specified) libgnomeprint2-ruby (affected versions not specified) libpango1-ruby (affected versions not specified)

Description The issue is related to a format string vulnerability in the mdiag initialize function, allowing context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. Additionally, multiple vulnerabilities have been identified in various Ruby packages for Debian GNU/Linux, which can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For Ruby-GNOME 2 versions 0.16.0 and SVN versions before 20071127: Update to a version after 20071127 to resolve the issue. For libgconf2-ruby, libgstreamer0.8-ruby, libgnome2-ruby, libvte-ruby, liblink-grammar4-dev, libgnomevfs2-ruby, libgnomecanvas2-ruby, libgnomeprintui2-ruby, libgda2-ruby, libgnomeprint2-ruby, and libpango1-ruby: At the moment, there is no information about a newer version that contains a fix for this vulnerability.