blob: 60d507513c382fbb984c5488b46932bed4b339b9 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200903-01">
<title>Vinagre: User-assisted execution of arbitrary code</title>
A format string error in Vinagre may allow for the execution of arbitrary
<product type="ebuild">vinagre</product>
<announced>March 06, 2009</announced>
<revised>March 06, 2009: 01</revised>
<package name="net-misc/vinagre" auto="yes" arch="*">
<unaffected range="ge">0.5.2</unaffected>
<vulnerable range="lt">0.5.2</vulnerable>
Vinagre is a VNC Client for the GNOME Desktop.
Alfredo Ortega (Core Security Technologies) reported a format string
error in the vinagre_utils_show_error() function in
<impact type="normal">
A remote attacker could entice a user into opening a specially crafted
.vnc file or connecting to a malicious server, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.
There is no known workaround at this time.
All Vinagre users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-misc/vinagre-0.5.2&quot;</code>
<uri link="">CVE-2008-5660</uri>
<metadata tag="requester" timestamp="Sat, 13 Dec 2008 19:36:32 +0000">
<metadata tag="submitter" timestamp="Tue, 24 Feb 2009 22:12:27 +0000">
<metadata tag="bugReady" timestamp="Tue, 24 Feb 2009 22:12:38 +0000">