MDVSA-2010:161
- Package name
- vte
- Date
- 2010-08-24
- Advisory ID
- MDVSA-2010:161
- Affected versions
- 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.1 i586 , 2009.1 x86_64 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in vte:
The vte_sequence_handler_window_manipulation function in vteseq.c
in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in
gnome-terminal, does not properly handle escape sequences, which
allows remote attackers to execute arbitrary commands or obtain
potentially sensitive information via a (1) window title or (2) icon
title sequence. NOTE: this issue exists because of a CVE-2003-0070
regression (CVE-2010-2713).
The updated packages have been patched to correct this issue.
Updated packages
2010.0 x86_64
18add7986f54185f81fc95e488eff106 2010.0/x86_64/lib64vte9-0.22.2-1.1mdv2010.0.x86_64.rpm c457e799d9019c7424c331e7b9bfe386 2010.0/x86_64/lib64vte-devel-0.22.2-1.1mdv2010.0.x86_64.rpm 3bd940fe7ad0864328901c556c592c6d 2010.0/x86_64/python-vte-0.22.2-1.1mdv2010.0.x86_64.rpm 1e2485690ad232f32d4e1cd1862ede5a 2010.0/x86_64/vte-0.22.2-1.1mdv2010.0.x86_64.rpm e3f61964adb4a8d6f09bc0896a4686f9 2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm
2010.1 i586
03bc21bd81fff6da6f37afc88afc4cb2 2010.1/i586/libvte9-0.24.1-2.1mdv2010.1.i586.rpm 3ac8fbc00dd6ec5b230fd3811d6a3339 2010.1/i586/libvte-devel-0.24.1-2.1mdv2010.1.i586.rpm 881b06f90315338f08fb468e86332cf1 2010.1/i586/python-vte-0.24.1-2.1mdv2010.1.i586.rpm 6980d3c1d5feb501286eb8ba8096c916 2010.1/i586/vte-0.24.1-2.1mdv2010.1.i586.rpm 578fd4339c2d63b1162e0c5160e1a16f 2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm
2010.0 i586
549b27c9e0429b7e4e9d28d542c0f3c0 2010.0/i586/libvte9-0.22.2-1.1mdv2010.0.i586.rpm 01947d45f16ae3c9b76e87e76f4b0b10 2010.0/i586/libvte-devel-0.22.2-1.1mdv2010.0.i586.rpm 261d4ef94143a26dc790437614fe947a 2010.0/i586/python-vte-0.22.2-1.1mdv2010.0.i586.rpm bdcee6ea9f94dd2385d3f0dfeea7d36d 2010.0/i586/vte-0.22.2-1.1mdv2010.0.i586.rpm e3f61964adb4a8d6f09bc0896a4686f9 2010.0/SRPMS/vte-0.22.2-1.1mdv2010.0.src.rpm
2009.1 i586
b2d5a79aa4530215ba63bc5a95173de0 2009.1/i586/libvte9-0.20.1-1.1mdv2009.1.i586.rpm e734de2689ad3cf33cd9ca2753f7b0a8 2009.1/i586/libvte-devel-0.20.1-1.1mdv2009.1.i586.rpm aa73f0033be676f1299c7740d4955491 2009.1/i586/python-vte-0.20.1-1.1mdv2009.1.i586.rpm ccf35018be4d70b879fbe57b472b29cf 2009.1/i586/vte-0.20.1-1.1mdv2009.1.i586.rpm a347acab6a738ed56ffbd8236e373324 2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm
2009.1 x86_64
9e6cbdb9dca23f70463e06c21c52d903 2009.1/x86_64/lib64vte9-0.20.1-1.1mdv2009.1.x86_64.rpm 007a2b90ccb566c8a27b34f54decfd7f 2009.1/x86_64/lib64vte-devel-0.20.1-1.1mdv2009.1.x86_64.rpm 9d632a3c14d1c608506bcdec8f3643ef 2009.1/x86_64/python-vte-0.20.1-1.1mdv2009.1.x86_64.rpm f9e4b7463247e2e10c4e98c3cb5e3b35 2009.1/x86_64/vte-0.20.1-1.1mdv2009.1.x86_64.rpm a347acab6a738ed56ffbd8236e373324 2009.1/SRPMS/vte-0.20.1-1.1mdv2009.1.src.rpm
2010.1 x86_64
dd410314d1d2ee4e559ee7c60ff03fcb 2010.1/x86_64/lib64vte9-0.24.1-2.1mdv2010.1.x86_64.rpm 32a0f286397d2130e813d0b15e3582de 2010.1/x86_64/lib64vte-devel-0.24.1-2.1mdv2010.1.x86_64.rpm c947e661092ad638b30ff31eab30d01e 2010.1/x86_64/python-vte-0.24.1-2.1mdv2010.1.x86_64.rpm 6382062f784fe48fdbabd4b5e536c724 2010.1/x86_64/vte-0.24.1-2.1mdv2010.1.x86_64.rpm 578fd4339c2d63b1162e0c5160e1a16f 2010.1/SRPMS/vte-0.24.1-2.1mdv2010.1.src.rpm