Message-Id: <E1Onzrh-0006Ce-M5@titan.mandriva.com>
Date: Tue, 24 Aug 2010 22:13:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:161 ] vte

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:161
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : vte
 Date    : August 24, 2010
 Affected: 2009.1, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in vte:
 
 The vte_sequence_handler_window_manipulation function in vteseq.c
 in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
 gnome-terminal, does not properly handle escape sequences, which
 allows remote attackers to execute arbitrary commands or obtain
 potentially sensitive information via a (1) window title or (2) icon
 title sequence.  NOTE: this issue exists because of a CVE-2003-0070
 regression (CVE-2010-2713).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2713
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 b2d5a79aa4530215ba63bc5a95173de0  2009.1/i586/libvte9-0.20.1-1.1mdv2009.1.i586.rpm
 e734de2689ad3cf33cd9ca2753f7b0a8  2009.1/i586/libvte-devel-0.20.1-1.1mdv2009.1.i586.rpm
 aa73f0033be676f1299c7740d4955491  2009.1/i586/python-vte-0.20.1-1.1mdv2009.1.i586.rpm
 ccf35018be4d70b879fbe57b472b29cf  2009.1/i586/vte-0.20.1-1.1mdv2009.1.i586.rpm 
 a347acab6a738ed56ffbd8236e373324  2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9e6cbdb9dca23f70463e06c21c52d903  2009.1/x86_64/lib64vte9-0.20.1-1.1mdv2009.1.x86_64.rpm
 007a2b90ccb566c8a27b34f54decfd7f  2009.1/x86_64/lib64vte-devel-0.20.1-1.1mdv2009.1.x86_64.rpm
 9d632a3c14d1c608506bcdec8f3643ef  2009.1/x86_64/python-vte-0.20.1-1.1mdv2009.1.x86_64.rpm
 f9e4b7463247e2e10c4e98c3cb5e3b35  2009.1/x86_64/vte-0.20.1-1.1mdv2009.1.x86_64.rpm 
 a347acab6a738ed56ffbd8236e373324  2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 549b27c9e0429b7e4e9d28d542c0f3c0  2010.0/i586/libvte9-0.22.2-1.1mdv2010.0.i586.rpm
 01947d45f16ae3c9b76e87e76f4b0b10  2010.0/i586/libvte-devel-0.22.2-1.1mdv2010.0.i586.rpm
 261d4ef94143a26dc790437614fe947a  2010.0/i586/python-vte-0.22.2-1.1mdv2010.0.i586.rpm
 bdcee6ea9f94dd2385d3f0dfeea7d36d  2010.0/i586/vte-0.22.2-1.1mdv2010.0.i586.rpm 
 e3f61964adb4a8d6f09bc0896a4686f9  2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 18add7986f54185f81fc95e488eff106  2010.0/x86_64/lib64vte9-0.22.2-1.1mdv2010.0.x86_64.rpm
 c457e799d9019c7424c331e7b9bfe386  2010.0/x86_64/lib64vte-devel-0.22.2-1.1mdv2010.0.x86_64.rpm
 3bd940fe7ad0864328901c556c592c6d  2010.0/x86_64/python-vte-0.22.2-1.1mdv2010.0.x86_64.rpm
 1e2485690ad232f32d4e1cd1862ede5a  2010.0/x86_64/vte-0.22.2-1.1mdv2010.0.x86_64.rpm 
 e3f61964adb4a8d6f09bc0896a4686f9  2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 03bc21bd81fff6da6f37afc88afc4cb2  2010.1/i586/libvte9-0.24.1-2.1mdv2010.1.i586.rpm
 3ac8fbc00dd6ec5b230fd3811d6a3339  2010.1/i586/libvte-devel-0.24.1-2.1mdv2010.1.i586.rpm
 881b06f90315338f08fb468e86332cf1  2010.1/i586/python-vte-0.24.1-2.1mdv2010.1.i586.rpm
 6980d3c1d5feb501286eb8ba8096c916  2010.1/i586/vte-0.24.1-2.1mdv2010.1.i586.rpm 
 578fd4339c2d63b1162e0c5160e1a16f  2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 dd410314d1d2ee4e559ee7c60ff03fcb  2010.1/x86_64/lib64vte9-0.24.1-2.1mdv2010.1.x86_64.rpm
 32a0f286397d2130e813d0b15e3582de  2010.1/x86_64/lib64vte-devel-0.24.1-2.1mdv2010.1.x86_64.rpm
 c947e661092ad638b30ff31eab30d01e  2010.1/x86_64/python-vte-0.24.1-2.1mdv2010.1.x86_64.rpm
 6382062f784fe48fdbabd4b5e536c724  2010.1/x86_64/vte-0.24.1-2.1mdv2010.1.x86_64.rpm 
 578fd4339c2d63b1162e0c5160e1a16f  2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMc/rCmqjQ0CJFipgRAn/oAJ0c4O36ngxve15ADqoWG69H3+YFmACffXep
Ou35xQytEEhWMqa/ERalJrY=
=NkDp
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
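
The advisory names window title and icon title escape sequences as the trigger. As an added example (not part of the Mandriva advisory or of the vte code), the following scans untrusted text for those sequences and rewrites control characters into visible form before the text is shown in a terminal. The sequence numbers are assumptions taken from the xterm control-sequence documentation, and the sample lines are constructed.

```python
import re

# Assumptions from the xterm control-sequence documentation, not the advisory:
#   ESC ] 0|1|2 ; text (BEL or ESC \)  sets icon name and/or window title
#   ESC [ 20 t  /  ESC [ 21 t          requests a report of icon label / window title
OSC_SET = re.compile(r"\x1b\]([012]);([^\x07\x1b]*)(?:\x07|\x1b\\)?")
CSI_REPORT = re.compile(r"\x1b\[(20|21)t")
SET_KIND = {
    "0": "set icon name and window title",
    "1": "set icon name",
    "2": "set window title",
}
REPORT_KIND = {"20": "report icon label", "21": "report window title"}
# Every C0/C1 control character except tab and newline.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def find_title_sequences(text):
    """Return (offset, description) for each title set/report sequence in text."""
    hits = [(m.start(), SET_KIND[m.group(1)]) for m in OSC_SET.finditer(text)]
    hits += [(m.start(), REPORT_KIND[m.group(1)]) for m in CSI_REPORT.finditer(text)]
    return sorted(hits)


def neutralize(text):
    """Rewrite control characters as \\xNN so a terminal prints them instead of acting on them."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


# Constructed sample: untrusted data such as log lines or a server banner.
SAMPLE = [
    "GET /index.html 200",
    "user-agent: \x1b]2;constructed-title\x07probe",
    "referer: \x1b[21t",
]

if __name__ == "__main__":
    for line in SAMPLE:
        for offset, what in find_title_sequences(line):
            print("offset %d: %s" % (offset, what))
        print(neutralize(line))
```

Neutralizing all control characters, rather than only the matched sequences, also covers escape sequences this scanner does not recognise.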
