LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2010:161: vte Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been found and corrected in vte: The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:161
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : vte
 Date    : August 24, 2010
 Affected: 2009.1, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in vte:
 
 The vte_sequence_handler_window_manipulation function in vteseq.c
 in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
 gnome-terminal, does not properly handle escape sequences, which
 allows remote attackers to execute arbitrary commands or obtain
 potentially sensitive information via a (1) window title or (2) icon
 title sequence.  NOTE: this issue exists because of a CVE-2003-0070
 regression (CVE-2010-2713).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2713
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 b2d5a79aa4530215ba63bc5a95173de0  2009.1/i586/libvte9-0.20.1-1.1mdv2009.1.i586.rpm
 e734de2689ad3cf33cd9ca2753f7b0a8  2009.1/i586/libvte-devel-0.20.1-1.1mdv2009.1.i586.rpm
 aa73f0033be676f1299c7740d4955491  2009.1/i586/python-vte-0.20.1-1.1mdv2009.1.i586.rpm
 ccf35018be4d70b879fbe57b472b29cf  2009.1/i586/vte-0.20.1-1.1mdv2009.1.i586.rpm 
 a347acab6a738ed56ffbd8236e373324  2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9e6cbdb9dca23f70463e06c21c52d903  2009.1/x86_64/lib64vte9-0.20.1-1.1mdv2009.1.x86_64.rpm
 007a2b90ccb566c8a27b34f54decfd7f  2009.1/x86_64/lib64vte-devel-0.20.1-1.1mdv2009.1.x86_64.rpm
 9d632a3c14d1c608506bcdec8f3643ef  2009.1/x86_64/python-vte-0.20.1-1.1mdv2009.1.x86_64.rpm
 f9e4b7463247e2e10c4e98c3cb5e3b35  2009.1/x86_64/vte-0.20.1-1.1mdv2009.1.x86_64.rpm 
 a347acab6a738ed56ffbd8236e373324  2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 549b27c9e0429b7e4e9d28d542c0f3c0  2010.0/i586/libvte9-0.22.2-1.1mdv2010.0.i586.rpm
 01947d45f16ae3c9b76e87e76f4b0b10  2010.0/i586/libvte-devel-0.22.2-1.1mdv2010.0.i586.rpm
 261d4ef94143a26dc790437614fe947a  2010.0/i586/python-vte-0.22.2-1.1mdv2010.0.i586.rpm
 bdcee6ea9f94dd2385d3f0dfeea7d36d  2010.0/i586/vte-0.22.2-1.1mdv2010.0.i586.rpm 
 e3f61964adb4a8d6f09bc0896a4686f9  2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 18add7986f54185f81fc95e488eff106  2010.0/x86_64/lib64vte9-0.22.2-1.1mdv2010.0.x86_64.rpm
 c457e799d9019c7424c331e7b9bfe386  2010.0/x86_64/lib64vte-devel-0.22.2-1.1mdv2010.0.x86_64.rpm
 3bd940fe7ad0864328901c556c592c6d  2010.0/x86_64/python-vte-0.22.2-1.1mdv2010.0.x86_64.rpm
 1e2485690ad232f32d4e1cd1862ede5a  2010.0/x86_64/vte-0.22.2-1.1mdv2010.0.x86_64.rpm 
 e3f61964adb4a8d6f09bc0896a4686f9  2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 03bc21bd81fff6da6f37afc88afc4cb2  2010.1/i586/libvte9-0.24.1-2.1mdv2010.1.i586.rpm
 3ac8fbc00dd6ec5b230fd3811d6a3339  2010.1/i586/libvte-devel-0.24.1-2.1mdv2010.1.i586.rpm
 881b06f90315338f08fb468e86332cf1  2010.1/i586/python-vte-0.24.1-2.1mdv2010.1.i586.rpm
 6980d3c1d5feb501286eb8ba8096c916  2010.1/i586/vte-0.24.1-2.1mdv2010.1.i586.rpm 
 578fd4339c2d63b1162e0c5160e1a16f  2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 dd410314d1d2ee4e559ee7c60ff03fcb  2010.1/x86_64/lib64vte9-0.24.1-2.1mdv2010.1.x86_64.rpm
 32a0f286397d2130e813d0b15e3582de  2010.1/x86_64/lib64vte-devel-0.24.1-2.1mdv2010.1.x86_64.rpm
 c947e661092ad638b30ff31eab30d01e  2010.1/x86_64/python-vte-0.24.1-2.1mdv2010.1.x86_64.rpm
 6382062f784fe48fdbabd4b5e536c724  2010.1/x86_64/vte-0.24.1-2.1mdv2010.1.x86_64.rpm 
 578fd4339c2d63b1162e0c5160e1a16f  2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.