Ubuntu Security Notice USN-497-1
13th August, 2007
xfce4-terminal vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Details
Lasse Kärkkäinen discovered that the Xfce Terminal did not correctly
escape shell meta-characters during "Open Link" actions. If a remote
attacker tricked a user into opening a specially crafted URI, they could
execute arbitrary commands with the user's privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- xfce4-terminal 0.2.6-0ubuntu3.1
- Ubuntu 6.10:
- xfce4-terminal 0.2.5.4-0ubuntu2.1
- Ubuntu 6.06 LTS:
- xfce4-terminal 0.2.5+r21674-0ubuntu2.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart your session to
effect the necessary changes.