[Full-Disclosure] GLSA: vte (200303-2)

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 03/03/03

  • Next message: vkatalov@elcomsoft.com: "[Full-Disclosure] Implementation flaws in Adobe Document Server for Reader Extensions"
    From: Daniel Ahlberg <aliz@gentoo.org>
    To: full-disclosure@lists.netsys.com
    Date: Mon, 3 Mar 2003 11:16:16 +0100
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - ---------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200303-2
    - - ---------------------------------------------------------------------

              PACKAGE : vte
              SUMMARY : dangerous interception of escape sequences
                 DATE : 2003-03-03 10:16 UTC
              EXPLOIT : remote
    VERSIONS AFFECTED : <0.10.25
        FIXED VERSION : >0.10.25
                  CVE : CAN-2003-0070

    - - ---------------------------------------------------------------------

    - From advisory:

    "Many of the features supported by popular terminal emulator software
    can be abused when un-trusted data is displayed on the screen. The
    impact of this abuse can range from annoying screen garbage to a
    complete system compromise. All of the issues below are actually
    documented features, anyone who takes the time to read over the man
    pages or source code could use them to carry out an attack."

    Read the full advisory at:
    http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    x11-libs/vte upgrade to vte-0.10.25 as follows:

    emerge sync
    emerge -u vte
    emerge clean

    - - ---------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
    - - ---------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+YytrfT7nyhUpoZMRAmM4AJ9GiRX6v2zDkr0hftZ5hWc0rP8FtwCfWjsM
    sM4EOkJZrokHlfOWLABLBgo=
    =+/3p
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: vkatalov@elcomsoft.com: "[Full-Disclosure] Implementation flaws in Adobe Document Server for Reader Extensions"

    Relevant Pages

    • [Full-Disclosure] GLSA: netscape-flash (200303-9)
      ... GENTOO LINUX SECURITY ANNOUNCEMENT 200303-9 ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge netscape-flash ...
      (Full-Disclosure)
    • [Full-Disclosure] GLSA: man (200303-13)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Full-Disclosure)
    • [Full-Disclosure] GLSA: eterm (200303-1)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge -u eterm ...
      (Full-Disclosure)
    • GLSA: man (200303-13)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Bugtraq)
    • GLSA: rxvt (200303-16)
      ... Read the full advisory at: ... It is recommended that all Gentoo Linux users who are running ... emerge sync ...
      (Bugtraq)