View Full Version : USN-689-1: Vinagre vulnerability

December 10th, 2008, 01:40 AM
================================================== ========= Ubuntu Security Notice USN-689-1 December 10, 2008 vinagre vulnerability https://launchpad.net/bugs/305623 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: vinagre 0.5.1-0ubuntu1.1 Ubuntu 8.10: vinagre 2.24.1-0ubuntu1.1 After a standard system upgrade you need to restart Vinagre to effect the necessary changes. Details follow: Alfredo Ortega discovered a flaw in Vinagre's use of format strings. A remote attacker could exploit this vulnerability if they tricked a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. In Ubuntu 8.04, it was possible to execute arbitrary code with user privileges. In Ubuntu 8.10, Vinagre would simply abort, leading to a denial of service.

More... (http://www.ubuntu.com/usn/usn-689-1)