=========================================================== 
Ubuntu Security Notice USN-560-1           January 07, 2008
tomboy vulnerability
CVE-2005-4790
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tomboy                          0.3.5-1ubuntu3.1

Ubuntu 6.10:
  tomboy                          0.4.1-0ubuntu3.1

Ubuntu 7.04:
  tomboy                          0.6.3-0ubuntu1.1

Ubuntu 7.10:
  tomboy                          0.8.0-1ubuntu0.1

After a standard system upgrade you need to restart Tomboy to effect
the necessary changes.

Details follow:

Jan Oravec discovered that Tomboy did not properly setup the
LD_LIBRARY_PATH environment variable. A local attacker could
exploit this to execute arbitrary code as the user invoking
the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    23933 6c9f715503954349ea56aeb86da98da6
          Size/MD5:      887 67368aeea634e7ea85404c08c7203752
          Size/MD5:   665911 63da1e4c752fa8802b40eb5b4726ff35

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   151414 66f0431f00f2b408d36142573e0ae81a

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   148058 20c1fad5297117a6b7a42ce22c542c09

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   149712 314fdc7e7c09989828f867076f3a9916

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   148738 b966585a564a3a8485195ebc445c8811

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:     7320 9ee233ef334cd4df7ed06ca10f66a29f
          Size/MD5:      921 663cff08a633aea0a39432269e702bb5
          Size/MD5:   937041 7e9ab15b8c799d265676173f8a8de7ce

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   425900 4e7c700e7997cd0ea9c125d907765b47

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   423536 2233018b7964415d4d92f2226cceacae

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   424412 0658a6b6650b43cca494c6c54bc36a7c

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   422726 279345713a6a1a2aad6f94ba95926a0e

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:    14285 c99ec66159af23c7c8bf0b34034c010a
          Size/MD5:     1142 f7be2cce138282dcadee5df308b756ae
          Size/MD5:  1878094 566af33c4956e05512a57ae7a63c849f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  1198448 78c9f1957ebe8496234fb583ed577909

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  1196104 542d2466b008e9e258dc1cb4375a06f4

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  1200260 58b6d75c2db39bb929f5e1566bee9462

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  1195606 8b2cce4383671a94d02f81f3492cf9f4

Updated packages for Ubuntu 7.10:

  Source archives:

          Size/MD5:    12763 2c560717c1a85b755c88a868a9ae541c
          Size/MD5:     1070 4c87625903828c6a5405f75e1a9f4501
          Size/MD5:  2535671 28cf74d74090c7479c5716d8cbe6ed6a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  2392716 7f03c42d8f7f06c413ea1e265582e446

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  2389672 09bb10c6e415f3d5310f4966b7871478

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  2396612 f3be6029861078af5aabb0c39760cbe2

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  2388798 0aacedaf7c9a2b32ffa59562651df420

Ubuntu: Tomboy vulnerability

January 7, 2008
Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-560-1 January 07, 2008

Package Information

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved