Paketname
vte
Datum
2010-08-24
Advisory ID
MDVSA-2010:161
Betroffene Versionen
2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.1 i586 , 2009.1 x86_64 , 2010.1 x86_64

Problembeschreibung

A vulnerability has been found and corrected in vte:

The vte_sequence_handler_window_manipulation function in vteseq.c
in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
gnome-terminal, does not properly handle escape sequences, which
allows remote attackers to execute arbitrary commands or obtain
potentially sensitive information via a (1) window title or (2) icon
title sequence. NOTE: this issue exists because of a CVE-2003-0070
regression (CVE-2010-2713).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

2010.0 x86_64

 18add7986f54185f81fc95e488eff106  2010.0/x86_64/lib64vte9-0.22.2-1.1mdv2010.0.x86_64.rpm
 c457e799d9019c7424c331e7b9bfe386  2010.0/x86_64/lib64vte-devel-0.22.2-1.1mdv2010.0.x86_64.rpm
 3bd940fe7ad0864328901c556c592c6d  2010.0/x86_64/python-vte-0.22.2-1.1mdv2010.0.x86_64.rpm
 1e2485690ad232f32d4e1cd1862ede5a  2010.0/x86_64/vte-0.22.2-1.1mdv2010.0.x86_64.rpm 
 e3f61964adb4a8d6f09bc0896a4686f9  2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

2010.1 i586

 03bc21bd81fff6da6f37afc88afc4cb2  2010.1/i586/libvte9-0.24.1-2.1mdv2010.1.i586.rpm
 3ac8fbc00dd6ec5b230fd3811d6a3339  2010.1/i586/libvte-devel-0.24.1-2.1mdv2010.1.i586.rpm
 881b06f90315338f08fb468e86332cf1  2010.1/i586/python-vte-0.24.1-2.1mdv2010.1.i586.rpm
 6980d3c1d5feb501286eb8ba8096c916  2010.1/i586/vte-0.24.1-2.1mdv2010.1.i586.rpm 
 578fd4339c2d63b1162e0c5160e1a16f  2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm

2010.0 i586

 549b27c9e0429b7e4e9d28d542c0f3c0  2010.0/i586/libvte9-0.22.2-1.1mdv2010.0.i586.rpm
 01947d45f16ae3c9b76e87e76f4b0b10  2010.0/i586/libvte-devel-0.22.2-1.1mdv2010.0.i586.rpm
 261d4ef94143a26dc790437614fe947a  2010.0/i586/python-vte-0.22.2-1.1mdv2010.0.i586.rpm
 bdcee6ea9f94dd2385d3f0dfeea7d36d  2010.0/i586/vte-0.22.2-1.1mdv2010.0.i586.rpm 
 e3f61964adb4a8d6f09bc0896a4686f9  2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm

2009.1 i586

 b2d5a79aa4530215ba63bc5a95173de0  2009.1/i586/libvte9-0.20.1-1.1mdv2009.1.i586.rpm
 e734de2689ad3cf33cd9ca2753f7b0a8  2009.1/i586/libvte-devel-0.20.1-1.1mdv2009.1.i586.rpm
 aa73f0033be676f1299c7740d4955491  2009.1/i586/python-vte-0.20.1-1.1mdv2009.1.i586.rpm
 ccf35018be4d70b879fbe57b472b29cf  2009.1/i586/vte-0.20.1-1.1mdv2009.1.i586.rpm 
 a347acab6a738ed56ffbd8236e373324  2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

2009.1 x86_64

 9e6cbdb9dca23f70463e06c21c52d903  2009.1/x86_64/lib64vte9-0.20.1-1.1mdv2009.1.x86_64.rpm
 007a2b90ccb566c8a27b34f54decfd7f  2009.1/x86_64/lib64vte-devel-0.20.1-1.1mdv2009.1.x86_64.rpm
 9d632a3c14d1c608506bcdec8f3643ef  2009.1/x86_64/python-vte-0.20.1-1.1mdv2009.1.x86_64.rpm
 f9e4b7463247e2e10c4e98c3cb5e3b35  2009.1/x86_64/vte-0.20.1-1.1mdv2009.1.x86_64.rpm 
 a347acab6a738ed56ffbd8236e373324  2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm

2010.1 x86_64

 dd410314d1d2ee4e559ee7c60ff03fcb  2010.1/x86_64/lib64vte9-0.24.1-2.1mdv2010.1.x86_64.rpm
 32a0f286397d2130e813d0b15e3582de  2010.1/x86_64/lib64vte-devel-0.24.1-2.1mdv2010.1.x86_64.rpm
 c947e661092ad638b30ff31eab30d01e  2010.1/x86_64/python-vte-0.24.1-2.1mdv2010.1.x86_64.rpm
 6382062f784fe48fdbabd4b5e536c724  2010.1/x86_64/vte-0.24.1-2.1mdv2010.1.x86_64.rpm 
 578fd4339c2d63b1162e0c5160e1a16f  2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm

Referenzen