USN-560-1: Tomboy vulnerability
Posted on: 01/08/2008 03:15 AM

A new Tomboy vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-560-1 January 07, 2008
tomboy vulnerability
CVE-2005-4790
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
tomboy 0.3.5-1ubuntu3.1

Ubuntu 6.10:
tomboy 0.4.1-0ubuntu3.1

Ubuntu 7.04:
tomboy 0.6.3-0ubuntu1.1

Ubuntu 7.10:
tomboy 0.8.0-1ubuntu0.1

After a standard system upgrade you need to restart Tomboy to effect
the necessary changes.

Details follow:

Jan Oravec discovered that Tomboy did not properly setup the
LD_LIBRARY_PATH environment variable. A local attacker could
exploit this to execute arbitrary code as the user invoking
the program.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubun=
tu3.1.diff.gz
Size/MD5: 23933 6c9f715503954349ea56aeb86da98da6
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubun=
tu3.1.dsc
Size/MD5: 887 67368aeea634e7ea85404c08c7203752
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5.orig.=
tar.gz
Size/MD5: 665911 63da1e4c752fa8802b40eb5b4726ff35

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubun=
tu3.1_amd64.deb
Size/MD5: 151414 66f0431f00f2b408d36142573e0ae81a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubun=
tu3.1_i386.deb
Size/MD5: 148058 20c1fad5297117a6b7a42ce22c542c09

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubun=
tu3.1_powerpc.deb
Size/MD5: 149712 314fdc7e7c09989828f867076f3a9916

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubun=
tu3.1_sparc.deb
Size/MD5: 148738 b966585a564a3a8485195ebc445c8811

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubun=
tu3.1.diff.gz
Size/MD5: 7320 9ee233ef334cd4df7ed06ca10f66a29f
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubun=
tu3.1.dsc
Size/MD5: 921 663cff08a633aea0a39432269e702bb5
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1.orig.=
tar.gz
Size/MD5: 937041 7e9ab15b8c799d265676173f8a8de7ce

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubun=
tu3.1_amd64.deb
Size/MD5: 425900 4e7c700e7997cd0ea9c125d907765b47

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubun=
tu3.1_i386.deb
Size/MD5: 423536 2233018b7964415d4d92f2226cceacae

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubun=
tu3.1_powerpc.deb
Size/MD5: 424412 0658a6b6650b43cca494c6c54bc36a7c

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubun=
tu3.1_sparc.deb
Size/MD5: 422726 279345713a6a1a2aad6f94ba95926a0e

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubun=
tu1.1.diff.gz
Size/MD5: 14285 c99ec66159af23c7c8bf0b34034c010a
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubun=
tu1.1.dsc
Size/MD5: 1142 f7be2cce138282dcadee5df308b756ae
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3.orig.=
tar.gz
Size/MD5: 1878094 566af33c4956e05512a57ae7a63c849f

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubun=
tu1.1_amd64.deb
Size/MD5: 1198448 78c9f1957ebe8496234fb583ed577909

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubun=
tu1.1_i386.deb
Size/MD5: 1196104 542d2466b008e9e258dc1cb4375a06f4

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubun=
tu1.1_powerpc.deb
Size/MD5: 1200260 58b6d75c2db39bb929f5e1566bee9462

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubun=
tu1.1_sparc.deb
Size/MD5: 1195606 8b2cce4383671a94d02f81f3492cf9f4

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubun=
tu0.1.diff.gz
Size/MD5: 12763 2c560717c1a85b755c88a868a9ae541c
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubun=
tu0.1.dsc
Size/MD5: 1070 4c87625903828c6a5405f75e1a9f4501
http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0.orig.=
tar.gz
Size/MD5: 2535671 28cf74d74090c7479c5716d8cbe6ed6a

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubun=
tu0.1_amd64.deb
Size/MD5: 2392716 7f03c42d8f7f06c413ea1e265582e446

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubun=
tu0.1_i386.deb
Size/MD5: 2389672 09bb10c6e415f3d5310f4966b7871478

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubun=
tu0.1_powerpc.deb
Size/MD5: 2396612 f3be6029861078af5aabb0c39760cbe2

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubun=
tu0.1_sparc.deb
Size/MD5: 2388798 0aacedaf7c9a2b32ffa59562651df420



--HnQK338I3UIa/qiP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHgtovW0JvuRdL8BoRAj78AKCdyfqDkyXSxmlfJH6MC0r/w3BfagCfYflB
tfF3VBanyrb+Z9sanqGrqeg=
=wjr4
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_560_1_tomboy_vulnerability.html)