The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-689-1] Vinagre vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Tue, 9 Dec 2008 16:37:07 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-689-1] Vinagre vulnerability
Message-ID: <20081210003707.GD25309@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="/9ZOS6odDaRI+0hI"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--/9ZOS6odDaRI+0hI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Ubuntu Security Notice USN-689-1 December 10, 2008 vinagre vulnerability https://launchpad.net/bugs/305623
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: vinagre 0.5.1-0ubuntu1.1 Ubuntu 8.10: vinagre 2.24.1-0ubuntu1.1 After a standard system upgrade you need to restart Vinagre to effect the necessary changes. Details follow: Alfredo Ortega discovered a flaw in Vinagre's use of format strings. A remote attacker could exploit this vulnerability if they tricked a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. In Ubuntu 8.04, it was possible to execute arbitrary code with user privileges. In Ubuntu 8.10, Vinagre would simply abort, leading to a denial of service. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_0.5.1-0ubuntu1.1.diff.gz Size/MD5: 3366 e37fbea9a3ab1fff84daf49c6aaea8dc http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_0.5.1-0ubuntu1.1.dsc Size/MD5: 1246 ade1709a2ee6d44b61310db3c4a23fda http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_0.5.1.orig.tar.gz Size/MD5: 1213849 3d3bc73db7f86286b000906be52aaaa6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_0.5.1-0ubuntu1.1_amd64.deb Size/MD5: 686380 0aa6d17d90e44908e9744ec4869d23af i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_0.5.1-0ubuntu1.1_i386.deb Size/MD5: 683658 a8fbd34a10ee2b48b0ba6653bb2f4f65 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/v/vinagre/vinagre_0.5.1-0ubuntu1.1_lpia.deb Size/MD5: 683584 a74f68064ff76e5ad23dd0b37c67144b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/v/vinagre/vinagre_0.5.1-0ubuntu1.1_powerpc.deb Size/MD5: 689330 27586485bdc704afc321a2d1c96a8b74 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/v/vinagre/vinagre_0.5.1-0ubuntu1.1_sparc.deb Size/MD5: 684872 2050931666716fd8aff124ad57508de8 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_2.24.1-0ubuntu1.1.diff.gz Size/MD5: 5844 643dc942b5a60b89da65b1920f9e79c9 http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_2.24.1-0ubuntu1.1.dsc Size/MD5: 1833 f10ff1d6faa1c4ae67c7cc625918d7b8 http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_2.24.1.orig.tar.gz Size/MD5: 1519850 d3d421b9d3e76918cf447e00e2ff4aed amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_2.24.1-0ubuntu1.1_amd64.deb Size/MD5: 1003668 c3f8746326c23f534d1cb614c3cb9703 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/v/vinagre/vinagre_2.24.1-0ubuntu1.1_i386.deb Size/MD5: 994708 925bed98ce092088dc6bd90129cc2c3a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/v/vinagre/vinagre_2.24.1-0ubuntu1.1_lpia.deb Size/MD5: 994026 676aee4fd2e784a38af268e7e86e782f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/v/vinagre/vinagre_2.24.1-0ubuntu1.1_powerpc.deb Size/MD5: 1002480 818e5f672cc5d23822e1fdc16e438338 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/v/vinagre/vinagre_2.24.1-0ubuntu1.1_sparc.deb Size/MD5: 998266 2448af1f4c0e05f554d313a0edbcb997 --/9ZOS6odDaRI+0hI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Kees Cook <kees@outflux.net.> iEYEARECAAYFAkk/DzMACgkQH/9LqRcGPm1K3QCfVKFq2hVcLZeaWaJyJd06UUG/ x7UAnRHtLmlQo/Z8NeJYQAuJfG1+NUPC =Y7zs -----END PGP SIGNATURE----- --/9ZOS6odDaRI+0hI--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру