USN-689-1: Vinagre vulnerability

10 December 2008

vinagre vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS

Software Description

  • vinagre


Alfredo Ortega discovered a flaw in Vinagre’s use of format strings. A remote attacker could exploit this vulnerability if they tricked a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. In Ubuntu 8.04, it was possible to execute arbitrary code with user privileges. In Ubuntu 8.10, Vinagre would simply abort, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.10
vinagre - 2.24.1-0ubuntu1.1
Ubuntu 8.04 LTS
vinagre - 0.5.1-0ubuntu1.1

To update your system, please follow these instructions:

After a standard system upgrade you need to restart Vinagre to effect the necessary changes.