[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [USN-962-1] VTE vulnerability

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [USN-962-1] VTE vulnerability
From: Kees Cook <kees@xxxxxxxxxx>
Date: Thu, 15 Jul 2010 11:36:21 -0700

===========================================================
Ubuntu Security Notice USN-962-1              July 15, 2010
vte vulnerability
CVE-2010-2713
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  libvte9                         1:0.20.0-0ubuntu2.1

Ubuntu 9.10:
  libvte9                         1:0.22.2-0ubuntu2.1

Ubuntu 10.04 LTS:
  libvte9                         1:0.23.5-0ubuntu1.1

After a standard system update you need to restart your session to make
all the necessary changes.

Details follow:

Janne Snabb discovered that applications using VTE, such as gnome-terminal,
did not correctly filter window and icon title request escape codes.  If a
user were tricked into viewing specially crafted output in their terminal,
a remote attacker could execute arbitrary commands with user privileges.


Updated packages for Ubuntu 9.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0-0ubuntu2.1.diff.gz
      Size/MD5:   428402 e765295968fe78b4d8e72050dce5f2b7
    http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0-0ubuntu2.1.dsc
      Size/MD5:     1742 91b6ea4ecd1400d57d72190fab77960c
    http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0.orig.tar.gz
      Size/MD5:  1372195 2634f593b93950c58cc12983bdc363cc

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.20.0-0ubuntu2.1_all.deb
      Size/MD5:    34100 cb3960a156fb27606aeafcc8a3222b46
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.20.0-0ubuntu2.1_all.deb
      Size/MD5:    64118 50ab6b9ed24762be4629e480b28e18c1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_amd64.deb
      Size/MD5:   381230 d11c934f31bd1382bb6d62603e839199
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_amd64.udeb
      Size/MD5:   333636 77562502f522d91fbbea6b5eba1d0982
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_amd64.deb
      Size/MD5:   599364 edc9be7f0fa11e6281a553208dfb3842
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_amd64.deb
      Size/MD5:   177654 58665e2a253ecf2653d9023733573ce2
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_amd64.deb
      Size/MD5:    36754 2f3d7f2540a8e6089eb143887ece13d2

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_i386.deb
      Size/MD5:   357832 e255a12e7f921dd4da70a9c81ccd8a72
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_i386.udeb
      Size/MD5:   320620 b0f150837119c4e557c9c535a969e949
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_i386.deb
      Size/MD5:   578074 cefed97e22169f7c47d2576ff925b3ff
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_i386.deb
      Size/MD5:   160650 3c6f0e195b16937bd6c159bc32ffd34c
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_i386.deb
      Size/MD5:    29878 082fd94ee2d4079d8e120e7adc525d01

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_lpia.deb
      Size/MD5:   357150 275ea65ad8d4f0afa645070809bc83db
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_lpia.udeb
      Size/MD5:   318818 d4239f5aca45b71b5b51469111abaaa1
    http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_lpia.deb
      Size/MD5:   575628 90f4af7d86e34f4eb49ac2c69751b544
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_lpia.deb
      Size/MD5:   161258 9906e6464b75188f61bcf2626209f4e5
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_lpia.deb
      Size/MD5:    29788 5d8228882a46943378e300854c2e8bf9

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   434366 44f0c8d2cc517dec5cda7b23ae364989
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_powerpc.udeb
      Size/MD5:   380478 af6da9a37b4b4dfe9277985388726c97
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   702506 9cd310cc8a3a9b10eb3ee3753500fcbe
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_powerpc.deb
      Size/MD5:   171112 1392f41f7fd399d4f5a2b6901b9afdc8
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_powerpc.deb
      Size/MD5:    33216 348af61aab2378a5bd4ace0e72bf0463

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_sparc.deb
      Size/MD5:   417216 90a00c9c1aecfe8b3982516a327b3693
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_sparc.udeb
      Size/MD5:   377752 a646e0dff2d00326f36006ce9da6b929
    http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_sparc.deb
      Size/MD5:   684664 8bdae71547bcdd1dbab0db1c3f23af29
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1_sparc.deb
      Size/MD5:   160572 b92f538e7f75edaea8b95bf1ee21a1d1
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_sparc.deb
      Size/MD5:    30318 c90d3f542a6c5e0e5015e26c4a91834b

Updated packages for Ubuntu 9.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2-0ubuntu2.1.diff.gz
      Size/MD5:   243298 3edfa4d3d5f316572e5740fcfad6921d
    http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2-0ubuntu2.1.dsc
      Size/MD5:     1834 3d1255fc5bb5c83888fe03c41717ba23
    http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2.orig.tar.gz
      Size/MD5:  1690961 395d1cfb26eb88cd59cf8c4ba9cff5a3

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.22.2-0ubuntu2.1_all.deb
      Size/MD5:    39738 7816f27f3df3317200f462a8ee331ed7
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.22.2-0ubuntu2.1_all.deb
      Size/MD5:    67816 dc826cf7ce0f58631e99c1ba0b32c9dc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_amd64.deb
      Size/MD5:   374980 10a34defb72515939bf8b6a5f5d54528
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_amd64.udeb
      Size/MD5:   323702 f9bb18bba04c415c5193e9c41b0ee1ce
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_amd64.deb
      Size/MD5:   569660 b231f66728c13796395a867c890cea2b
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_amd64.deb
      Size/MD5:   178312 d5435792bd9eb94c5e56ea1e2737ae72
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_amd64.deb
      Size/MD5:    37610 de87e338985117dd7424dd4bfd300ecf

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_i386.deb
      Size/MD5:   354286 1a93396e5e8a9b18436add12955364ba
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_i386.udeb
      Size/MD5:   311194 1fa31d2b232688a45eef99db548756bc
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_i386.deb
      Size/MD5:   553646 9580f3c6612faefb0ed78256fed07621
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_i386.deb
      Size/MD5:   163708 f137ea721dcb9ea1627f71ad2b481a0b
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_i386.deb
      Size/MD5:    30848 564462811d1f26275dbdccd29fe35d5c

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_lpia.deb
      Size/MD5:   353152 1d3641a6ca8b9897e5fe17913d2e5c52
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_lpia.udeb
      Size/MD5:   309680 ac6253b76ea51b4bf412f8e2ead3423f
    http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_lpia.deb
      Size/MD5:   550788 27c11af8f9397f36551e32157c964344
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_lpia.deb
      Size/MD5:   164154 5ed643aaef2ad3582f1dac314ec696b3
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_lpia.deb
      Size/MD5:    30586 a68eefbfa31ee1358953a15f80a898a2

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_powerpc.deb
      Size/MD5:   400068 bf0db507a15bcc2f5295a0d69869c8ab
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_powerpc.udeb
      Size/MD5:   341556 aaf3f154b40ac28c5bb3ba3934f20772
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_powerpc.deb
      Size/MD5:   608182 0fd96c473b3320e8fc7c4a8d42114831
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_powerpc.deb
      Size/MD5:   176394 b4581dbaba32185dba6b26c98cdedbd7
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_powerpc.deb
      Size/MD5:    33718 b90e936340b1c9e717f8b402dca16e82

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_sparc.deb
      Size/MD5:   383916 0052cb2d7180822c17893a4cfcef0383
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_sparc.udeb
      Size/MD5:   339134 0f3b107ecdffe6a2de793f5d1766634a
    http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_sparc.deb
      Size/MD5:   596110 eea4bc4b68616012efdf53abf0d5fbf7
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1_sparc.deb
      Size/MD5:   163172 af1ecf447961b7498c6edc0f3d9b4ab9
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_sparc.deb
      Size/MD5:    31042 4c32e63f44db4715188932deb2e1b362

Updated packages for Ubuntu 10.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5-0ubuntu1.1.diff.gz
      Size/MD5:   211284 5f70b3dca901eb710f241ae58ddbe82f
    http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5-0ubuntu1.1.dsc
      Size/MD5:     1834 d2cd6ea9a2d74191eac929364df284e3
    http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5.orig.tar.gz
      Size/MD5:  1703653 8256980f2c9b9914bb640870568adeff

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.23.5-0ubuntu1.1_all.deb
      Size/MD5:    41216 3362a9b7570880c5f121d45cf45f1635
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.23.5-0ubuntu1.1_all.deb
      Size/MD5:    71402 4e9fb7db00aa46b294c826eb2b912048

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_amd64.deb
      Size/MD5:   373946 2232ba9a261fa26950da8fd4cd77c0f4
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_amd64.udeb
      Size/MD5:   323570 0965c8fcc82a46e4a61df68db2d55286
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_amd64.deb
      Size/MD5:   569720 bf13b0ef86f2cb016f875925d8ea1cb6
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_amd64.deb
      Size/MD5:    91070 7bb8a16739115b0fb18bee882c2496a1
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_amd64.deb
      Size/MD5:    19886 a22e380ba799ea4a964cbf462dc242a7

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_i386.deb
      Size/MD5:   353460 0e0a36204d17e2e06838b3e953f4494a
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_i386.udeb
      Size/MD5:   311344 d3bbb99765dd1b0bc4b37ffeb74e47a0
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_i386.deb
      Size/MD5:   553716 0362fb78ab8e9c657235b1207040c21d
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_i386.deb
      Size/MD5:    84008 edb76ddf1c422af64b31ec3227466040
    
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_i386.deb
      Size/MD5:    16534 254d655ff5f7ad3037e9847d209f6426

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_powerpc.deb
      Size/MD5:   399062 650d527c3a8ceabca5e46945cc577608
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_powerpc.udeb
      Size/MD5:   344968 0274fac76ecb7fcf24fa1e7876322364
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_powerpc.deb
      Size/MD5:   608296 6ee308e8e565b3ef77a14187d44fa9ca
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_powerpc.deb
      Size/MD5:    90264 d5e52a1bdc82da13dc10bf6d50e44bb6
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_powerpc.deb
      Size/MD5:    17832 d9023a1b08175c47a95213b694b55a38

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_sparc.deb
      Size/MD5:   385478 abb9a0b4f444c1588530f7cd4f4ca818
    
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_sparc.udeb
      Size/MD5:   341688 a582c6a4dc3cb517a4ff86b0fadd0ed3
    http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_sparc.deb
      Size/MD5:   599642 841b2459776c09a06a584fe41ee86bd9
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1_sparc.deb
      Size/MD5:    83800 0d1d2bfb961cdeb8c1f32debaf2e6939
    
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_sparc.deb
      Size/MD5:    16784 5ac61fa9db2c471452e0690769732841

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] SAPGui BI wadmxhtml.dll Tags Property Heap Corruption
Next by Date: [Full-disclosure] ZDI-10-126: Ipswitch Imail Server List Mailer Reply-To Address Remote Code Execution Vulnerability
Previous by thread: [Full-disclosure] SAPGui BI wadmxhtml.dll Tags Property Heap Corruption
Next by thread: [Full-disclosure] ZDI-10-126: Ipswitch Imail Server List Mailer Reply-To Address Remote Code Execution Vulnerability
Index(es):
- Date
- Thread