
Mandriva Linux Security Advisory 2010-161

Posted Aug 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-161 - The vte_sequence_handler_window_manipulation function in vteseq.c in libvte in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a window title or icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2713
SHA-256 | 5c7a414367f3129cbf38fe91e8a83bb33c301685dd0732c30600871a9afdbbef

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:161
http://www.mandriva.com/security/
_______________________________________________________________________

Package : vte
Date : August 24, 2010
Affected: 2009.1, 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in vte:

The vte_sequence_handler_window_manipulation function in vteseq.c
in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
gnome-terminal, does not properly handle escape sequences, which
allows remote attackers to execute arbitrary commands or obtain
potentially sensitive information via a (1) window title or (2) icon
title sequence. NOTE: this issue exists because of a CVE-2003-0070
regression (CVE-2010-2713).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2713
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
b2d5a79aa4530215ba63bc5a95173de0 2009.1/i586/libvte9-0.20.1-1.1mdv2009.1.i586.rpm
e734de2689ad3cf33cd9ca2753f7b0a8 2009.1/i586/libvte-devel-0.20.1-1.1mdv2009.1.i586.rpm
aa73f0033be676f1299c7740d4955491 2009.1/i586/python-vte-0.20.1-1.1mdv2009.1.i586.rpm
ccf35018be4d70b879fbe57b472b29cf 2009.1/i586/vte-0.20.1-1.1mdv2009.1.i586.rpm
a347acab6a738ed56ffbd8236e373324 2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
9e6cbdb9dca23f70463e06c21c52d903 2009.1/x86_64/lib64vte9-0.20.1-1.1mdv2009.1.x86_64.rpm
007a2b90ccb566c8a27b34f54decfd7f 2009.1/x86_64/lib64vte-devel-0.20.1-1.1mdv2009.1.x86_64.rpm
9d632a3c14d1c608506bcdec8f3643ef 2009.1/x86_64/python-vte-0.20.1-1.1mdv2009.1.x86_64.rpm
f9e4b7463247e2e10c4e98c3cb5e3b35 2009.1/x86_64/vte-0.20.1-1.1mdv2009.1.x86_64.rpm
a347acab6a738ed56ffbd8236e373324 2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
549b27c9e0429b7e4e9d28d542c0f3c0 2010.0/i586/libvte9-0.22.2-1.1mdv2010.0.i586.rpm
01947d45f16ae3c9b76e87e76f4b0b10 2010.0/i586/libvte-devel-0.22.2-1.1mdv2010.0.i586.rpm
261d4ef94143a26dc790437614fe947a 2010.0/i586/python-vte-0.22.2-1.1mdv2010.0.i586.rpm
bdcee6ea9f94dd2385d3f0dfeea7d36d 2010.0/i586/vte-0.22.2-1.1mdv2010.0.i586.rpm
e3f61964adb4a8d6f09bc0896a4686f9 2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
18add7986f54185f81fc95e488eff106 2010.0/x86_64/lib64vte9-0.22.2-1.1mdv2010.0.x86_64.rpm
c457e799d9019c7424c331e7b9bfe386 2010.0/x86_64/lib64vte-devel-0.22.2-1.1mdv2010.0.x86_64.rpm
3bd940fe7ad0864328901c556c592c6d 2010.0/x86_64/python-vte-0.22.2-1.1mdv2010.0.x86_64.rpm
1e2485690ad232f32d4e1cd1862ede5a 2010.0/x86_64/vte-0.22.2-1.1mdv2010.0.x86_64.rpm
e3f61964adb4a8d6f09bc0896a4686f9 2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
03bc21bd81fff6da6f37afc88afc4cb2 2010.1/i586/libvte9-0.24.1-2.1mdv2010.1.i586.rpm
3ac8fbc00dd6ec5b230fd3811d6a3339 2010.1/i586/libvte-devel-0.24.1-2.1mdv2010.1.i586.rpm
881b06f90315338f08fb468e86332cf1 2010.1/i586/python-vte-0.24.1-2.1mdv2010.1.i586.rpm
6980d3c1d5feb501286eb8ba8096c916 2010.1/i586/vte-0.24.1-2.1mdv2010.1.i586.rpm
578fd4339c2d63b1162e0c5160e1a16f 2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
dd410314d1d2ee4e559ee7c60ff03fcb 2010.1/x86_64/lib64vte9-0.24.1-2.1mdv2010.1.x86_64.rpm
32a0f286397d2130e813d0b15e3582de 2010.1/x86_64/lib64vte-devel-0.24.1-2.1mdv2010.1.x86_64.rpm
c947e661092ad638b30ff31eab30d01e 2010.1/x86_64/python-vte-0.24.1-2.1mdv2010.1.x86_64.rpm
6382062f784fe48fdbabd4b5e536c724 2010.1/x86_64/vte-0.24.1-2.1mdv2010.1.x86_64.rpm
578fd4339c2d63b1162e0c5160e1a16f 2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMc/rCmqjQ0CJFipgRAn/oAJ0c4O36ngxve15ADqoWG69H3+YFmACffXep
Ou35xQytEEhWMqa/ERalJrY=
=NkDp
-----END PGP SIGNATURE-----
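
Added example (not part of the Mandriva advisory and not VTE code): until the updated packages are installed, untrusted text such as log files can be screened for the title-related escape sequences the advisory refers to before it is shown in a terminal. The sequence numbers (OSC 0/1/2 to set titles, CSI 20 t and 21 t to report them) come from the xterm control-sequence documentation, not from this page; the function names and the sample input are constructed for illustration.

```python
import re

# Introducers in 7-bit (ESC-prefixed) and 8-bit C1 form, on decoded text.
OSC = r"(?:\x1b\]|\x9d)"
CSI = r"(?:\x1b\[|\x9b)"
ST = r"(?:\x07|\x1b\\|\x9c)"  # BEL or String Terminator

# OSC 0/1/2 ; text ST  -> set icon name and/or window title
TITLE_SET = re.compile(OSC + r"([012]);([^\x07\x1b\x9c]*)" + ST)
# CSI Ps ; ... t       -> window manipulation (includes title reports)
WINDOW_OP = re.compile(CSI + r"([0-9;]*)t")
# Any control character left over, except tab and newline
LEFTOVER = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")

TITLE_KINDS = {"0": "icon+window", "1": "icon", "2": "window"}
REPORT_OPS = {"20": "report icon label", "21": "report window title"}


def scan(text):
    """Return sorted (offset, description, detail) findings for title sequences."""
    findings = []
    for m in TITLE_SET.finditer(text):
        kind = TITLE_KINDS[m.group(1)]
        findings.append((m.start(), f"set {kind} title", m.group(2)))
    for m in WINDOW_OP.finditer(text):
        op = m.group(1).split(";")[0]
        findings.append((m.start(), REPORT_OPS.get(op, "window manipulation"), op))
    return sorted(findings)


def sanitize(text):
    """Drop title/window sequences, then make any other control byte visible."""
    text = TITLE_SET.sub("", text)
    text = WINDOW_OP.sub("", text)
    # Unterminated or unknown sequences are not guessed at: the control
    # character itself is rendered as <HEX> so the terminal never interprets it.
    return LEFTOVER.sub(lambda m: f"<{ord(m.group()):02X}>", text)


# Constructed sample: four log lines, two of them carrying title sequences.
SAMPLE = (
    "GET /index.html 200\n"
    "GET /a\x1b]2;constructed-title\x07b 404\n"
    "GET /c\x1b[21td 404\n"
    "GET /e\x1b[1;31mred\x1b[0m 200\n"
)

if __name__ == "__main__":
    for offset, what, detail in scan(SAMPLE):
        print(f"offset {offset}: {what} ({detail!r})")
    print(sanitize(SAMPLE), end="")
```

The filter works on decoded text rather than raw bytes so that UTF-8 continuation bytes are not mistaken for C1 controls.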