Ubuntu Security Notice USN-962-1 July 15, 2010
vte vulnerability
CVE-2010-2713
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
libvte9 1:0.20.0-0ubuntu2.1
Ubuntu 9.10:
libvte9 1:0.22.2-0ubuntu2.1
Ubuntu 10.04 LTS:
libvte9 1:0.23.5-0ubuntu1.1
After a standard system update you need to restart your session to make
all the necessary changes.
Details follow:
Janne Snabb discovered that applications using VTE, such as gnome-terminal,
did not correctly filter window and icon title request escape codes. If a
user were tricked into viewing specially crafted output in their terminal,
a remote attacker could execute arbitrary commands with user privileges.