USN-689-1: Vinagre vulnerability

Ubuntu Security Notice USN-689-1

9th December, 2008

vinagre vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS

Software description

  • vinagre

Details

Alfredo Ortega discovered a flaw in Vinagre's use of format strings. A
remote attacker could exploit this vulnerability if they tricked a user
into connecting to a malicious VNC server, or opening a specially crafted
URI with Vinagre. In Ubuntu 8.04, it was possible to execute arbitrary
code with user privileges. In Ubuntu 8.10, Vinagre would simply abort,
leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.10:
vinagre 2.24.1-0ubuntu1.1
Ubuntu 8.04 LTS:
vinagre 0.5.1-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart Vinagre to effect
the necessary changes.

References

LP: 305623