Ubuntu Security Notice USN-689-1
9th December, 2008
vinagre vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
Software description
- vinagre
Details
Alfredo Ortega discovered a flaw in Vinagre's use of format strings. A
remote attacker could exploit this vulnerability if they tricked a user
into connecting to a malicious VNC server, or opening a specially crafted
URI with Vinagre. In Ubuntu 8.04, it was possible to execute arbitrary
code with user privileges. In Ubuntu 8.10, Vinagre would simply abort,
leading to a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.10:
- vinagre 2.24.1-0ubuntu1.1
- Ubuntu 8.04 LTS:
- vinagre 0.5.1-0ubuntu1.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart Vinagre to effect
the necessary changes.