BugTraq
[USN-962-1] VTE vulnerability Jul 15 2010 06:36PM
Kees Cook (kees ubuntu com)
===========================================================
Ubuntu Security Notice USN-962-1 July 15, 2010
vte vulnerability
CVE-2010-2713
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
libvte9 1:0.20.0-0ubuntu2.1

Ubuntu 9.10:
libvte9 1:0.22.2-0ubuntu2.1

Ubuntu 10.04 LTS:
libvte9 1:0.23.5-0ubuntu1.1

After a standard system update you need to restart your session to make
all the necessary changes.

Details follow:

Janne Snabb discovered that applications using VTE, such as gnome-terminal,
did not correctly filter window and icon title request escape codes. If a
user were tricked into viewing specially crafted output in their terminal,
a remote attacker could execute arbitrary commands with user privileges.

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0-0ubuntu2.1.
diff.gz
Size/MD5: 428402 e765295968fe78b4d8e72050dce5f2b7
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0-0ubuntu2.1.
dsc
Size/MD5: 1742 91b6ea4ecd1400d57d72190fab77960c
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.20.0.orig.tar.gz

Size/MD5: 1372195 2634f593b93950c58cc12983bdc363cc

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.20.0-0
ubuntu2.1_all.deb
Size/MD5: 34100 cb3960a156fb27606aeafcc8a3222b46
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.20.0-0ubu
ntu2.1_all.deb
Size/MD5: 64118 50ab6b9ed24762be4629e480b28e18c1

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.20.0-0ubu
ntu2.1_amd64.deb
Size/MD5: 381230 d11c934f31bd1382bb6d62603e839199
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.20.0-0u
buntu2.1_amd64.udeb
Size/MD5: 333636 77562502f522d91fbbea6b5eba1d0982
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.20.0-0ubuntu
2.1_amd64.deb
Size/MD5: 599364 edc9be7f0fa11e6281a553208dfb3842
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.20.0-
0ubuntu2.1_amd64.deb
Size/MD5: 177654 58665e2a253ecf2653d9023733573ce2
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.20.0-0ubu
ntu2.1_amd64.deb
Size/MD5: 36754 2f3d7f2540a8e6089eb143887ece13d2

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.20.0-0ubu
ntu2.1_i386.deb
Size/MD5: 357832 e255a12e7f921dd4da70a9c81ccd8a72
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.20.0-0u
buntu2.1_i386.udeb
Size/MD5: 320620 b0f150837119c4e557c9c535a969e949
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.20.0-0ubuntu
2.1_i386.deb
Size/MD5: 578074 cefed97e22169f7c47d2576ff925b3ff
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.20.0-
0ubuntu2.1_i386.deb
Size/MD5: 160650 3c6f0e195b16937bd6c159bc32ffd34c
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.20.0-0ubu
ntu2.1_i386.deb
Size/MD5: 29878 082fd94ee2d4079d8e120e7adc525d01

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_lpi
a.deb
Size/MD5: 357150 275ea65ad8d4f0afa645070809bc83db
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_l
pia.udeb
Size/MD5: 318818 d4239f5aca45b71b5b51469111abaaa1
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_lpia.d
eb
Size/MD5: 575628 90f4af7d86e34f4eb49ac2c69751b544
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1
_lpia.deb
Size/MD5: 161258 9906e6464b75188f61bcf2626209f4e5
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_lpi
a.deb
Size/MD5: 29788 5d8228882a46943378e300854c2e8bf9

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_pow
erpc.deb
Size/MD5: 434366 44f0c8d2cc517dec5cda7b23ae364989
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_p
owerpc.udeb
Size/MD5: 380478 af6da9a37b4b4dfe9277985388726c97
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_powerp
c.deb
Size/MD5: 702506 9cd310cc8a3a9b10eb3ee3753500fcbe
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1
_powerpc.deb
Size/MD5: 171112 1392f41f7fd399d4f5a2b6901b9afdc8
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_pow
erpc.deb
Size/MD5: 33216 348af61aab2378a5bd4ace0e72bf0463

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.20.0-0ubuntu2.1_spa
rc.deb
Size/MD5: 417216 90a00c9c1aecfe8b3982516a327b3693
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.20.0-0ubuntu2.1_s
parc.udeb
Size/MD5: 377752 a646e0dff2d00326f36006ce9da6b929
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.20.0-0ubuntu2.1_sparc.
deb
Size/MD5: 684664 8bdae71547bcdd1dbab0db1c3f23af29
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.20.0-0ubuntu2.1
_sparc.deb
Size/MD5: 160572 b92f538e7f75edaea8b95bf1ee21a1d1
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.20.0-0ubuntu2.1_spa
rc.deb
Size/MD5: 30318 c90d3f542a6c5e0e5015e26c4a91834b

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2-0ubuntu2.1.
diff.gz
Size/MD5: 243298 3edfa4d3d5f316572e5740fcfad6921d
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2-0ubuntu2.1.
dsc
Size/MD5: 1834 3d1255fc5bb5c83888fe03c41717ba23
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.22.2.orig.tar.gz

Size/MD5: 1690961 395d1cfb26eb88cd59cf8c4ba9cff5a3

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.22.2-0
ubuntu2.1_all.deb
Size/MD5: 39738 7816f27f3df3317200f462a8ee331ed7
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.22.2-0ubu
ntu2.1_all.deb
Size/MD5: 67816 dc826cf7ce0f58631e99c1ba0b32c9dc

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.22.2-0ubu
ntu2.1_amd64.deb
Size/MD5: 374980 10a34defb72515939bf8b6a5f5d54528
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.22.2-0u
buntu2.1_amd64.udeb
Size/MD5: 323702 f9bb18bba04c415c5193e9c41b0ee1ce
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.22.2-0ubuntu
2.1_amd64.deb
Size/MD5: 569660 b231f66728c13796395a867c890cea2b
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.22.2-
0ubuntu2.1_amd64.deb
Size/MD5: 178312 d5435792bd9eb94c5e56ea1e2737ae72
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.22.2-0ubu
ntu2.1_amd64.deb
Size/MD5: 37610 de87e338985117dd7424dd4bfd300ecf

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.22.2-0ubu
ntu2.1_i386.deb
Size/MD5: 354286 1a93396e5e8a9b18436add12955364ba
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.22.2-0u
buntu2.1_i386.udeb
Size/MD5: 311194 1fa31d2b232688a45eef99db548756bc
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.22.2-0ubuntu
2.1_i386.deb
Size/MD5: 553646 9580f3c6612faefb0ed78256fed07621
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.22.2-
0ubuntu2.1_i386.deb
Size/MD5: 163708 f137ea721dcb9ea1627f71ad2b481a0b
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.22.2-0ubu
ntu2.1_i386.deb
Size/MD5: 30848 564462811d1f26275dbdccd29fe35d5c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_lpi
a.deb
Size/MD5: 353152 1d3641a6ca8b9897e5fe17913d2e5c52
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_l
pia.udeb
Size/MD5: 309680 ac6253b76ea51b4bf412f8e2ead3423f
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_lpia.d
eb
Size/MD5: 550788 27c11af8f9397f36551e32157c964344
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1
_lpia.deb
Size/MD5: 164154 5ed643aaef2ad3582f1dac314ec696b3
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_lpi
a.deb
Size/MD5: 30586 a68eefbfa31ee1358953a15f80a898a2

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_pow
erpc.deb
Size/MD5: 400068 bf0db507a15bcc2f5295a0d69869c8ab
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_p
owerpc.udeb
Size/MD5: 341556 aaf3f154b40ac28c5bb3ba3934f20772
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_powerp
c.deb
Size/MD5: 608182 0fd96c473b3320e8fc7c4a8d42114831
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1
_powerpc.deb
Size/MD5: 176394 b4581dbaba32185dba6b26c98cdedbd7
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_pow
erpc.deb
Size/MD5: 33718 b90e936340b1c9e717f8b402dca16e82

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.22.2-0ubuntu2.1_spa
rc.deb
Size/MD5: 383916 0052cb2d7180822c17893a4cfcef0383
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.22.2-0ubuntu2.1_s
parc.udeb
Size/MD5: 339134 0f3b107ecdffe6a2de793f5d1766634a
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.22.2-0ubuntu2.1_sparc.
deb
Size/MD5: 596110 eea4bc4b68616012efdf53abf0d5fbf7
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.22.2-0ubuntu2.1
_sparc.deb
Size/MD5: 163172 af1ecf447961b7498c6edc0f3d9b4ab9
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.22.2-0ubuntu2.1_spa
rc.deb
Size/MD5: 31042 4c32e63f44db4715188932deb2e1b362

Updated packages for Ubuntu 10.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5-0ubuntu1.1.
diff.gz
Size/MD5: 211284 5f70b3dca901eb710f241ae58ddbe82f
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5-0ubuntu1.1.
dsc
Size/MD5: 1834 d2cd6ea9a2d74191eac929364df284e3
http://security.ubuntu.com/ubuntu/pool/main/v/vte/vte_0.23.5.orig.tar.gz

Size/MD5: 1703653 8256980f2c9b9914bb640870568adeff

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-common_0.23.5-0
ubuntu1.1_all.deb
Size/MD5: 41216 3362a9b7570880c5f121d45cf45f1635
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-doc_0.23.5-0ubu
ntu1.1_all.deb
Size/MD5: 71402 4e9fb7db00aa46b294c826eb2b912048

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.23.5-0ubu
ntu1.1_amd64.deb
Size/MD5: 373946 2232ba9a261fa26950da8fd4cd77c0f4
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.23.5-0u
buntu1.1_amd64.udeb
Size/MD5: 323570 0965c8fcc82a46e4a61df68db2d55286
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.23.5-0ubuntu
1.1_amd64.deb
Size/MD5: 569720 bf13b0ef86f2cb016f875925d8ea1cb6
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.23.5-
0ubuntu1.1_amd64.deb
Size/MD5: 91070 7bb8a16739115b0fb18bee882c2496a1
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.23.5-0ubu
ntu1.1_amd64.deb
Size/MD5: 19886 a22e380ba799ea4a964cbf462dc242a7

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte-dev_0.23.5-0ubu
ntu1.1_i386.deb
Size/MD5: 353460 0e0a36204d17e2e06838b3e953f4494a
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9-udeb_0.23.5-0u
buntu1.1_i386.udeb
Size/MD5: 311344 d3bbb99765dd1b0bc4b37ffeb74e47a0
http://security.ubuntu.com/ubuntu/pool/main/v/vte/libvte9_0.23.5-0ubuntu
1.1_i386.deb
Size/MD5: 553716 0362fb78ab8e9c657235b1207040c21d
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte-dbg_0.23.5-
0ubuntu1.1_i386.deb
Size/MD5: 84008 edb76ddf1c422af64b31ec3227466040
http://security.ubuntu.com/ubuntu/pool/main/v/vte/python-vte_0.23.5-0ubu
ntu1.1_i386.deb
Size/MD5: 16534 254d655ff5f7ad3037e9847d209f6426

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_pow
erpc.deb
Size/MD5: 399062 650d527c3a8ceabca5e46945cc577608
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_p
owerpc.udeb
Size/MD5: 344968 0274fac76ecb7fcf24fa1e7876322364
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_powerp
c.deb
Size/MD5: 608296 6ee308e8e565b3ef77a14187d44fa9ca
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1
_powerpc.deb
Size/MD5: 90264 d5e52a1bdc82da13dc10bf6d50e44bb6
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_pow
erpc.deb
Size/MD5: 17832 d9023a1b08175c47a95213b694b55a38

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/v/vte/libvte-dev_0.23.5-0ubuntu1.1_spa
rc.deb
Size/MD5: 385478 abb9a0b4f444c1588530f7cd4f4ca818
http://ports.ubuntu.com/pool/main/v/vte/libvte9-udeb_0.23.5-0ubuntu1.1_s
parc.udeb
Size/MD5: 341688 a582c6a4dc3cb517a4ff86b0fadd0ed3
http://ports.ubuntu.com/pool/main/v/vte/libvte9_0.23.5-0ubuntu1.1_sparc.
deb
Size/MD5: 599642 841b2459776c09a06a584fe41ee86bd9
http://ports.ubuntu.com/pool/main/v/vte/python-vte-dbg_0.23.5-0ubuntu1.1
_sparc.deb
Size/MD5: 83800 0d1d2bfb961cdeb8c1f32debaf2e6939
http://ports.ubuntu.com/pool/main/v/vte/python-vte_0.23.5-0ubuntu1.1_spa
rc.deb
Size/MD5: 16784 5ac61fa9db2c471452e0690769732841

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Kees Cook <kees (at) outflux (dot) net [email concealed]>

iEYEARECAAYFAkw/VSUACgkQH/9LqRcGPm1ysQCfXN58aVR6I3qfB2CMeaq9Q/81
7V8AnieZ/xM5AXhaoqBil94EPV7A6bQe
=zPaW
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus