[Secure-testing-team] Bug#528204: xtightvncviewer: Viewer vulnerable to attack by malicious/compromised VNC server
Simon Iremonger
debian at iremonger.me.uk
Mon May 11 11:41:10 UTC 2009
Package: xtightvncviewer
Version: 1.3.9-4
Severity: grave
Tags: security
Justification: user security hole
As far as I can tell, The Debian pagkages for xtightvncviewer
(also included unchanged in ubuntu) are still vulnerable to
known problem fixed upstream.
Advisory here:-
http://secunia.com/advisories/33807/
Fixed upstream as per:-
http://vnc-tight.sourceforge.net/release-1.3.10.html
Please correct me if I've missed anything!
With thanks,
--Simon
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF8, LC_CTYPE=en_GB.UTF8 (charmap=locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list