View Full Version : USN-560-1: Tomboy vulnerability

January 8th, 2008, 07:00 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-560-1 January 07, 2008 tomboy vulnerability CVE-2005-4790 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tomboy 0.3.5-1ubuntu3.1 Ubuntu 6.10: tomboy 0.4.1-0ubuntu3.1 Ubuntu 7.04: tomboy 0.6.3-0ubuntu1.1 Ubuntu 7.10: tomboy 0.8.0-1ubuntu0.1 After a standard system upgrade you need to restart Tomboy to effect the necessary changes. Details follow: Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.

More... (http://www.ubuntu.com/usn/usn-560-1)