MDVSA-2008:240 -- Mandriva vinagreID: oval:org.secpod.oval:def:301314 | Date: (C)2012-01-07 (M)2021-06-02 |
Class: PATCH | Family: unix |
Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2008.1 |