RedHat has issued an advisory on January 21:
https://rhn.redhat.com/errata/RHSA-2013-0169.html

Cauldron is not affected, as this was fixed upstream.

Patched package uploaded for Mageia 2. Patch also added in Mageia 1 SVN.

Advisory:
========================

Updated vino package fixes security vulnerability:

It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating (CVE-2012-4429).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4429
https://rhn.redhat.com/errata/RHSA-2013-0169.html
========================

Updated packages in core/updates_testing:
========================
vino-3.4.2-1.1.mga2

from vino-3.4.2-1.1.mga2.src.rpm
PoC: http://www.openwall.com/lists/oss-security/2012/09/13/25
Testing mga2 64

Before
------
$ vino-preferences

Configure to accept connections with a password

$ /usr/lib64/vino-server

(vino-server:13434): EggSMClient-CRITICAL **: egg_sm_client_set_mode: assertion `global_client == NULL || global_client_mode == EGG_SM_CLIENT_MODE_DISABLED' failed
30/01/2013 16:51:16 Autoprobing TCP port in (all) network interface
30/01/2013 16:51:16 Listening IPv6://[::]:5900
30/01/2013 16:51:16 Listening IPv4://0.0.0.0:5900
30/01/2013 16:51:16 Autoprobing selected port 5900
30/01/2013 16:51:16 Advertising security type: 'TLS' (18)
30/01/2013 16:51:16 Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
30/01/2013 16:51:16 Listening IPv6://[::]:5900
30/01/2013 16:51:16 Listening IPv4://0.0.0.0:5900
30/01/2013 16:51:16 Clearing securityTypes
etc..

In another terminal..

$ socat - tcp4:localhost:5900
RFB 003.007

Then copying some text displays it below this.

ctrl-c in both terminals to kill socat and kill vino-server.

After
-----
# urpmi vino

installing vino-3.4.2-1.1.mga2.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ##########################################################################################
1/1: vino ##########################################################################################
warning: undefined reference to <schema id='org.gnome.glabels.locale'/>
warning: undefined reference to <schema id='org.gnome.glabels.objects'/>
warning: undefined reference to <schema id='org.gnome.glabels.history'/>
warning: undefined reference to <schema id='org.gnome.glabels.ui'/>

Apart from the above warnings re-testing shows the vulnerability closed. No copied text displayed.

This was tested in kde which may account for the gnome warnings.

Any thoughts David?
Whiteboard: (none) => has_procedure mga2-64-OK?
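The before/after check from the test procedure above, scripted as an added Python example that is not part of the original report: it reads the RFB banner, never authenticates, and records anything the server still sends. It assumes the leaked clipboard data is framed as standard RFB ServerCutText messages (type 3); the function names are this example's own.

```python
import socket
import struct
import time

def parse_cut_text(buf):
    """Split bytes into RFB ServerCutText payloads (assumed framing: type 3)."""
    texts = []
    while len(buf) >= 8 and buf[0] == 3:
        (length,) = struct.unpack(">I", buf[4:8])   # after type + 3 padding bytes
        if len(buf) < 8 + length:
            break                                   # truncated message
        texts.append(buf[8:8 + length].decode("latin-1"))
        buf = buf[8 + length:]
    return texts

def preauth_data(host, port=5900, wait=10.0):
    """Read the 12-byte RFB banner, then stay silent (never authenticating)
    and collect whatever the server still sends within `wait` seconds."""
    with socket.create_connection((host, port), timeout=wait) as s:
        banner = b""
        while len(banner) < 12:
            chunk = s.recv(12 - len(banner))
            if not chunk:
                raise ConnectionError("closed before full RFB banner")
            banner += chunk
        if not banner.startswith(b"RFB "):
            raise ValueError("not an RFB server: %r" % banner)
        extra, deadline = b"", time.monotonic() + wait
        s.settimeout(0.5)
        while time.monotonic() < deadline:
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                continue
            if not chunk:
                break                               # server closed the connection
            extra += chunk
    return banner, extra

def check(host, port=5900, wait=10.0):
    """Return (fixed, texts): fixed is True when nothing arrived pre-auth."""
    _, extra = preauth_data(host, port, wait)
    return len(extra) == 0, parse_cut_text(extra)

if __name__ == "__main__":
    import sys
    fixed, texts = check(sys.argv[1] if len(sys.argv) > 1 else "localhost")
    print("OK: no pre-auth data" if fixed else "VULNERABLE: leaked %r" % texts)
```

Start it against the test machine while vino-server is running and copy some text on that machine within the wait window. With the updated package it should report no pre-auth data.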
I'm not a GNOME guy, but I imagine it's something not worth worrying about. I'll CC Olav, just in case he cares to comment on it. I haven't seen him in a while.
CC: (none) => olav
Tested mga2 32 ok

Validating

Advisory & SRPM in comment 0

bug 8908 created for the warnings

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK? => has_procedure mga2-64-OK mga2-32-ok
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0028
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED