MDVSA-2008:240

Package name

vinagre

Date

2008-12-10

Advisory ID

MDVSA-2008:240

Affected versions

2009.0 x86_64 , 2009.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problem description

Alfredo Ortega found a flaw in how Vinagre uses format strings.
A remote attacker could exploit this vulnerability if they were able to
trick a user into connecting to a malicious VNC server, or opening a
specially crafted URI with Vinagre. With older versions of Vinagre,
it was possible to execute arbitrary code with user privileges.
In later versions, Vinagre would abort, leading to a denial of service.

The updated packages have been patched to prevent this issue.

Updated packages

2009.0 x86_64

 5e6214867963cc0d8c3776b05212567a  2009.0/x86_64/vinagre-2.24.0-1.1mdv2009.0.x86_64.rpm 
 a22e09709e3c947737a2eefa29983175  2009.0/SRPMS/vinagre-2.24.0-1.1mdv2009.0.src.rpm

2009.0 i586

 b09a10bb652f5d9afa23e076e139d87c  2009.0/i586/vinagre-2.24.0-1.1mdv2009.0.i586.rpm 
 a22e09709e3c947737a2eefa29983175  2009.0/SRPMS/vinagre-2.24.0-1.1mdv2009.0.src.rpm

2008.1 x86_64

 edeeac6c489b5d1f3863f292c030318f  2008.1/x86_64/vinagre-0.5.0-1.1mdv2008.1.x86_64.rpm 
 eb08aeb2f86562c079477bf0c478c546  2008.1/SRPMS/vinagre-0.5.0-1.1mdv2008.1.src.rpm

2008.1 i586

 a8a6ada09391c2e6a84b21e9df02be0a  2008.1/i586/vinagre-0.5.0-1.1mdv2008.1.i586.rpm 
 eb08aeb2f86562c079477bf0c478c546  2008.1/SRPMS/vinagre-0.5.0-1.1mdv2008.1.src.rpm