| Summary: | net-misc/vinagre < 0.5.2 or < 2.24.2 vinagre_utils_show_error() execution of arbitrary code (CVE-2008-5660) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | stupendoussteve |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | gnome |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/Advisories/33041/ | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
stupendoussteve
2008-12-08 19:39:53 UTC
vinagre 0.5.2 and 2.24.2 are in portage tree now - they contain the obvious fix.

Arches, please stabilize net-misc/vinagre-0.5.2

amd64 stable

x86 stable

Stable for HPPA.

Looks like 2.24.1 can be removed immediately.

ppc64 done

sparc stable

ppc stable

alpha/ia64 stable

GLSA request filed.

CVE-2008-5660 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5660): Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via a crafted URI or VNC server response.

GLSA 200903-01