Date:      Fri, 26 Dec 2008 20:00:02 +0300 (MSK)
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/129959: [patch] [vuxml] net/vinagre: fix security issue and update to 0.5.2
Message-ID:  <20081226170002.326B31711E@shadow.codelabs.ru>
Resent-Message-ID: <200812261710.mBQHA16r099225@freefall.freebsd.org>


>Number:         129959
>Category:       ports
>Synopsis:       [patch] [vuxml] net/vinagre: fix security issue and update to 0.5.2
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 26 17:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Eygene Ryabinkin
>Release:        FreeBSD 7.1-PRERELEASE amd64
>Organization:
Code Labs
>Environment:

System: FreeBSD 7.1-PRERELEASE amd64

>Description:

CORE Security Technologies reported a vulnerability in vinagre:
-----
A format string error has been found on the 'vinagre_utils_show_error()'
function that can be exploited via commands issued from a malicious
server containing format string specifiers on the VNC name.

In a web based attack scenario, the user would be required to connect to
a malicious server. Successful exploitation would then allow the
attacker to execute arbitrary code with the privileges of the Vinagre user.
-----

The advisory names 2.24.2 as the first non-vulnerable version.  The
update to the 2.24 branch was made on 05 Dec 2008.  The corresponding
update to the 0.5 branch was made on 05 Dec 2008, and the new version is
0.5.2.

Fix for 2.24 is here:
  http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-24/src/vinagre-utils.c?r1=490&r2=525&view=patch

Fix for 0.5.2 was merged from branch gnome-2-22:
  http://svn.gnome.org/viewvc/vinagre/tags/VINAGRE_0_5_2/src/vinagre-utils.c?view=log

And the fix for branch gnome-2-22,
  http://svn.gnome.org/viewvc/vinagre/branches/gnome-2-22/src/vinagre-utils.c?r1=252&r2=528&pathrev=528
is the same as for 2.24.

>How-To-Repeat:

  http://www.coresecurity.com/content/vinagre-format-string
  http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news
  http://ftp.gnome.org/pub/GNOME/sources/vinagre/2.24/vinagre-2.24.2.news

>Fix:

The following patch updates the port to 0.5.2 thus fixing the security
issue:
--- update-to-0.5.2.diff begins here ---
>From 92848964e91e45011537456d4424c5968313cac2 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Fri, 26 Dec 2008 19:41:40 +0300

0.5.2 fixes security issue discovered by CORE Security Technologies:
  http://www.coresecurity.com/content/vinagre-format-string
  http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 net/vinagre/Makefile |    3 +--
 net/vinagre/distinfo |    6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/net/vinagre/Makefile b/net/vinagre/Makefile
index f4dad51..661184c 100644
--- a/net/vinagre/Makefile
+++ b/net/vinagre/Makefile
@@ -7,8 +7,7 @@
 #
 
 PORTNAME=	vinagre
-PORTVERSION=	0.5.1
-PORTREVISION=	3
+PORTVERSION=	0.5.2
 CATEGORIES=	net gnome
 MASTER_SITES=	${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR=	sources/${PORTNAME}/${PORTVERSION:C/^([0-9]+\.[0-9]+).*/\1/}
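Review bot: on the PORTVERSION line, MASTER_SITE_SUBDIR is derived from the version by the regex on the last context line, so the 0.5.2 distfile will be fetched from sources/vinagre/0.5/; please confirm the tarball is published there, which is the same directory as the 0.5.2 news file cited in the commit message. Dropping PORTREVISION=3 in the same change is fine, since 0.5.2 still sorts above 0.5.1_3 and the proposed VuXML range of lt 0.5.2 then covers every earlier revision of the port.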
diff --git a/net/vinagre/distinfo b/net/vinagre/distinfo
index ffe1f67..e8cb385 100644
--- a/net/vinagre/distinfo
+++ b/net/vinagre/distinfo
@@ -1,3 +1,3 @@
-MD5 (gnome2/vinagre-0.5.1.tar.bz2) = 48e0079631952216743720fa1c59f621
-SHA256 (gnome2/vinagre-0.5.1.tar.bz2) = 971d32e74b553a68babfed14bedb1118c9882e1f1e5614889ec6f0795885e2a3
-SIZE (gnome2/vinagre-0.5.1.tar.bz2) = 1048927
+MD5 (gnome2/vinagre-0.5.2.tar.bz2) = abf277899e28ec9beea9a2f7c331267d
+SHA256 (gnome2/vinagre-0.5.2.tar.bz2) = b45f084343ad892bc303e2d0dada186d588ae6f0ccc419340024a2533e5a775b
+SIZE (gnome2/vinagre-0.5.2.tar.bz2) = 1031512
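Review bot: the three new distinfo values cannot be checked from the patch itself, so before commit the 0.5.2 tarball should be fetched again from the GNOME master site and the SHA256 and SIZE lines regenerated and compared with what is submitted here. Since this update is the security fix, treat the SHA256 line as the authoritative check rather than the MD5 line that is still carried alongside it.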
-- 
1.6.0.6

--- update-to-0.5.2.diff ends here ---

The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
  <vuln vid="214e8e07-d369-11dd-b800-001b77d09812">
    <topic>vinagre -- format string vulnerability</topic>
    <affects>
      <package>
        <name>vinagre</name>
        <range><lt>0.5.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>CORE Security Technologies reports:</p>
        <blockquote
          cite="http://www.coresecurity.com/content/vinagre-format-string">
          <p>A format string error has been found on the
          vinagre_utils_show_error() function that can be exploited via
          commands issued from a malicious server containing format
          string specifiers on the VNC name.</p>
          <p>In a web based attack scenario, the user would be required
          to connect to a malicious server. Successful exploitation
          would then allow the attacker to execute arbitrary code with
          the privileges of the Vinagre user.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <bid>32682</bid>
      <url>http://www.coresecurity.com/content/vinagre-format-string</url>
      <url>http://ftp.gnome.org/pub/GNOME/sources/vinagre/0.5/vinagre-0.5.2.news</url>
    </references>
    <dates>
      <discovery>09-12-2008</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
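The bug class quoted in the description above (a peer-supplied name reaching a printf-style function as the format argument), shown as an added example that is not part of the original report and not vinagre's code. The function names are hypothetical, snprintf() stands in for the dialog call, and the sample name is constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * VULNERABLE pattern, kept as a comment so nothing here executes it:
 *
 *     snprintf(buf, len, server_name);
 *
 * The peer-controlled string is used as the format, so every conversion
 * specifier in it is interpreted against arguments that were never passed.
 */

/* Hardened pattern: constant format, untrusted text only as an argument. */
int render_error_safe(char *buf, size_t len, const char *server_name)
{
    return snprintf(buf, len, "%s", server_name);
}

/*
 * Audit helper (hypothetical): count conversion specifiers in a string,
 * e.g. to log a server name that carries them. "%%" is a literal percent
 * sign and is not counted; a lone trailing '%' is ignored.
 */
int count_format_specifiers(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    const char *name = "desk%x-%s 100%%";   /* constructed sample name */
    char buf[64];

    render_error_safe(buf, sizeof buf, name);
    printf("rendered verbatim: %s\n", buf);
    printf("specifiers found:  %d\n", count_format_specifiers(name));
    return 0;
}
```

With the constant "%s" format the specifiers in the name are copied through as plain text instead of being interpreted.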


