Ubuntu Security Notice USN-560-1
7th January, 2008
tomboy vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Software description
- tomboy
Details
Jan Oravec discovered that Tomboy did not properly setup the
LD_LIBRARY_PATH environment variable. A local attacker could
exploit this to execute arbitrary code as the user invoking
the program.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.10:
- tomboy 0.8.0-1ubuntu0.1
- Ubuntu 7.04:
- tomboy 0.6.3-0ubuntu1.1
- Ubuntu 6.10:
- tomboy 0.4.1-0ubuntu3.1
- Ubuntu 6.06 LTS:
- tomboy 0.3.5-1ubuntu3.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart Tomboy to effect
the necessary changes.