Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorycriticalremote accessUbuntu 12.10 USN-1701-1 Critical: Vino Clipboard Leak Issue
Vino could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-1701-1 January 22, 2013 vino vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Vino could be made to expose sensitive information over the network. Software Description: - vino: VNC server for GNOME Details: It was discovered that Vino incorrectly transmitted clipboard activity before authenticating the remote connection. A remote attacker could connect to Vino and monitor clipboard activity. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: vino 3.6.0-0ubuntu1.1 Ubuntu 12.04 LTS: vino 3.4.2-0ubuntu1.2 Ubuntu 11.10: vino 3.2.0-0ubuntu1.2 Ubuntu 10.04 LTS: vino 2.28.2-0ubuntu2.2 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1701-1 CVE-2012-4429 Package Information: https://launchpad.net/ubuntu/+source/vino/3.6.0-0ubuntu1.1 https://launchpad.net/ubuntu/+source/vino/3.4.2-0ubuntu1.2 https://launchpad.net/ubuntu/+source/vino/3.2.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/vino/2.28.2-0ubuntu2.2 . Ubuntu Security Notice USN-1702-1 tackles a vulnerability in gnome-screensaver that could lead to unauthorized access to screen locked sessions.. Vino Remote Access Issue, Ubuntu Update, Clipboard Exposure Risk. . Severity: Critical. LinuxSecurity.com Team
Jan 22, 2013
•Critical
Ubuntu
98
security advisoryupdateremote accessRed Hat Enterprise Linux 6: RHSA-2013:0169-01 Moderate: Vino Clipboard Leak
An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: vino security update Advisory ID: RHSA-2013:0169-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0169.html Issue date: 2013-01-21 CVE Names: CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 CVE-2011-1165 CVE-2012-4429 ==================================================================== 1. Summary: An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC. It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating. (CVE-2012-4429) Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash.(CVE-2011-0904, CVE-2011-0905) In certain circumstances, the vino-preferences dialog box incorrectly indicated that Vino was only accessible from the local network. This could confuse a user into believing connections from external networks are not allowed (even when they are allowed). With this update, vino-preferences no longer displays connectivity and reachable information. (CVE-2011-1164) There was no warning that Universal Plug and Play (UPnP) was used to open ports on a user's network router when the "Configure network automatically to accept connections" option was enabled (it is disabled by default) in the Vino preferences. This update changes the option's description to avoid the risk of a UPnP router configuration change without the user's consent. (CVE-2011-1165) All Vino users should upgrade to this updated package, which contains backported patches to resolve these issues. The GNOME session must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 553477 - CVE-2011-1164 vino: vino-preferences incorrectly indicates that computer is only reachable over local network 678846 - CVE-2011-1165 vino-preferences does not warn about UPnP especially with no password and no confirmation. 694455 - CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests 694456 - CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests 857250 - CVE-2012-4429 vino: information leak and authentication bypass 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: i386: vino-2.28.1-8.el6_3.i686.rpm vino-debuginfo-2.28.1-8.el6_3.i686.rpm x86_64: vino-2.28.1-8.el6_3.x86_64.rpm vino-debuginfo-2.28.1-8.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: vino-2.28.1-8.el6_3.i686.rpm vino-debuginfo-2.28.1-8.el6_3.i686.rpm ppc64: vino-2.28.1-8.el6_3.ppc64.rpm vino-debuginfo-2.28.1-8.el6_3.ppc64.rpm s390x: vino-2.28.1-8.el6_3.s390x.rpm vino-debuginfo-2.28.1-8.el6_3.s390x.rpm x86_64: vino-2.28.1-8.el6_3.x86_64.rpm vino-debuginfo-2.28.1-8.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: vino-2.28.1-8.el6_3.i686.rpm vino-debuginfo-2.28.1-8.el6_3.i686.rpm x86_64: vino-2.28.1-8.el6_3.x86_64.rpm vino-debuginfo-2.28.1-8.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2011-0904 https://access.redhat.com/security/cve/CVE-2011-0905 https://access.redhat.com/security/cve/CVE-2011-1164 https://access.redhat.com/security/cve/CVE-2011-1165 https://access.redhat.com/security/cve/CVE-2012-4429 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. . An updated version of Vino for Red Hat Enterprise Linux 6 has been released, addressing significant vulnerabilities concerning remote connections and clipboard functionality.. red hat, vino, clipboard security, remote access issues. . LinuxSecurity.com Team
Jan 21, 2013
Red Hat
172
security advisorycriticalaccess flawUbuntu: 6.06, 7.10 USN-669-1 Critical: Gnome-Screensaver Access Flaws
It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887) . ==========================================================Ubuntu Security Notice USN-669-1 November 11, 2008 gnome-screensaver vulnerabilities CVE-2007-6389, CVE-2008-0887 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gnome-screensaver 2.14.3-0ubuntu1.1 Ubuntu 7.10: gnome-screensaver 2.20.0-0ubuntu4.3 After a standard system upgrade you need to restart all user sessions on your computer to effect the necessary changes. Details follow: It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887) Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 14632 858a17bd71cf1969f89c9f7248840e0b Size/MD5: 1515 100a66b14d50912bd73b49b6915d849b Size/MD5: 2122211 9c95c9d0ad4c44a215546dd4b95992b0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 1502090 d5bfdd6505afe949c6414fb01dab0bb9 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 1483824 bcb42c8bb0a73fbc06c5a465a75fa299 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 1499086 d7e65422d70d2ff6405b0472f03b1c1f sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 1486326 bff6d9f48780721f2621a0c6895aa143 Updated packages for Ubuntu 7.10: Source archives: Size/MD5: 25605 044d070d183f0e073dc1ac81945b0cc5 Size/MD5: 1695 472b10fdbd46177cbe20b58350265d64 Size/MD5: 2320018 db71d89c66fa3a96b3b276403b5bb723 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 1587388 6655526c8225d3b139eb36c1cbbf948a i386 architecture (x86 compatible Intel/AMD): Size/MD5: 1570386 456e6a56f46efac8de675aa906bf70c2 lpia architecture (Low Power Intel Architecture): Size/MD5: 1569166 c7f1ce8eeee0127cd557a78cf9591b36 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 1606010 a65b33b3a95a7d23bcbdd5e894785852 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 1576698 1566098fa61738a75ecaf0c98886eac1 --=-4IVhQM1uIY3V+c53vAYj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.9 (GNU/Linux) iEYEABECAAYFAkkZ6YMACgkQLMAs/0C4zNqEIQCdEUWEt3CYBpeUaE+twytiUGPA g/gAnRoDkRs4ytcBYz2oK0i1G2Exq61n =WxiA -----END PGP SIGNATURE-------=-4IVhQM1uIY3V+c53vAYj-- --============== 13297292607603603=Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --ubuntu-security-announce mailing list
Nov 11, 2008
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!