2011-02-09 16:27:41 |
Jamie Strandboge |
bug |
|
|
added bug |
2011-02-09 16:28:01 |
Jamie Strandboge |
gnome-control-center (Ubuntu): importance |
Undecided |
Wishlist |
|
2011-02-09 16:28:01 |
Jamie Strandboge |
gnome-control-center (Ubuntu): status |
New |
In Progress |
|
2011-02-09 16:28:01 |
Jamie Strandboge |
gnome-control-center (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
2011-02-09 16:28:14 |
Jamie Strandboge |
tags |
|
apparmor |
|
2011-02-09 16:28:27 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Security Team |
2011-02-09 16:32:16 |
Jamie Strandboge |
attachment added |
|
usr.bin.gnome-thumbnail-font https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/715874/+attachment/1839899/+files/usr.bin.gnome-thumbnail-font |
|
2011-02-09 22:56:52 |
Jamie Strandboge |
summary |
should have apparmor profile for gnome-thumbnail-font |
gnome thumbnailers should have an apparmor profile |
|
2011-02-09 22:57:25 |
Jamie Strandboge |
bug task added |
|
totem (Ubuntu) |
|
2011-02-09 22:57:38 |
Jamie Strandboge |
totem (Ubuntu): importance |
Undecided |
Wishlist |
|
2011-02-09 22:57:38 |
Jamie Strandboge |
totem (Ubuntu): status |
New |
Triaged |
|
2011-02-09 22:59:26 |
Jamie Strandboge |
description |
Binary package hint: gnome-control-center
Nautilus normally uses gnome-thumbnail-font to provide font previews. Eg:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
true
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o
If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-tumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack. |
Binary package hint: gnome-control-center
Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
true
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o
If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-tumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack.
nautilus also use totem-video-thumbnail and evince-thumbnailer. evince-thumbnailer has an apparmor profile already. For images, nautilus uses gdk-pixbuf routines via gnome-desktop, but these can be altered to use evince-thumbnailer by installing schema files for these images. |
|
2011-02-09 22:59:45 |
Jamie Strandboge |
bug task added |
|
gnome-desktop (Ubuntu) |
|
2011-02-09 23:00:00 |
Jamie Strandboge |
gnome-desktop (Ubuntu): importance |
Undecided |
Wishlist |
|
2011-02-09 23:00:00 |
Jamie Strandboge |
gnome-desktop (Ubuntu): status |
New |
Triaged |
|
2011-02-10 13:48:16 |
Jamie Strandboge |
description |
Binary package hint: gnome-control-center
Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
true
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o
If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-tumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack.
nautilus also use totem-video-thumbnail and evince-thumbnailer. evince-thumbnailer has an apparmor profile already. For images, nautilus uses gdk-pixbuf routines via gnome-desktop, but these can be altered to use evince-thumbnailer by installing schema files for these images. |
Binary package hint: gnome-control-center
Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
true
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o
If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-thumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack.
The same can be said for other thumbnailers. Nautilus also uses totem-video-thumbnail and evince-thumbnailer (evince-thumbnailer has an apparmor profile already). For images, nautilus uses gdk-pixbuf routines via gnome-desktop, but these can be altered to use evince-thumbnailer by installing schema files for the various image mime-types and updating gnome-desktop to not fallback to gdk-pixbuf on thumbnail script error.
|
|
2011-02-10 17:38:46 |
Jamie Strandboge |
totem (Ubuntu): status |
Triaged |
In Progress |
|
2011-02-10 17:38:46 |
Jamie Strandboge |
totem (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
2011-02-10 17:39:24 |
Jamie Strandboge |
attachment added |
|
totem.abstraction https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1841793/+files/totem.abstraction |
|
2011-02-10 17:39:44 |
Jamie Strandboge |
attachment added |
|
usr.bin.totem-previewers https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1841794/+files/usr.bin.totem-previewers |
|
2011-02-10 18:30:55 |
Jamie Strandboge |
attachment removed |
usr.bin.gnome-thumbnail-font https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1839899/+files/usr.bin.gnome-thumbnail-font |
|
|
2011-02-10 18:31:27 |
Jamie Strandboge |
attachment added |
|
usr.bin.gnome-thumbnail-font https://bugs.launchpad.net/ubuntu/+source/totem/+bug/715874/+attachment/1841874/+files/usr.bin.gnome-thumbnail-font |
|
2011-02-11 21:15:27 |
Jamie Strandboge |
gnome-desktop (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
2011-02-14 08:53:28 |
Jason Gerard DeRose |
bug |
|
|
added subscriber Jason Gerard DeRose |
2011-02-14 12:10:48 |
Γουργιώτης Γιώργος (aka Gourgi) |
bug |
|
|
added subscriber Γουργιώτης Γιώργος (aka Gourgi) |
2011-02-19 21:28:07 |
John Drinkwater |
bug |
|
|
added subscriber John Drinkwater |
2011-05-30 18:33:36 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
2011-10-12 19:55:51 |
Sebastien Bacher |
affects |
gnome-control-center (Ubuntu) |
gnome-utils (Ubuntu) |
|
2011-10-12 19:56:37 |
Sebastien Bacher |
affects |
gnome-desktop (Ubuntu) |
gnome-desktop3 (Ubuntu) |
|
2012-05-01 20:35:31 |
Jamie Strandboge |
gnome-utils (Ubuntu): status |
In Progress |
Triaged |
|
2012-05-01 20:35:33 |
Jamie Strandboge |
totem (Ubuntu): status |
In Progress |
Triaged |
|
2012-05-01 20:35:38 |
Jamie Strandboge |
gnome-desktop3 (Ubuntu): assignee |
Jamie Strandboge (jdstrand) |
|
|
2012-05-01 20:35:40 |
Jamie Strandboge |
gnome-utils (Ubuntu): assignee |
Jamie Strandboge (jdstrand) |
|
|
2012-05-01 20:35:42 |
Jamie Strandboge |
totem (Ubuntu): assignee |
Jamie Strandboge (jdstrand) |
|
|
2012-10-08 11:18:00 |
Laurent Bonnaud |
bug |
|
|
added subscriber Laurent Bonnaud |
2013-04-26 13:08:34 |
dino99 |
tags |
apparmor |
apparmor raring saucy |
|
2016-11-15 19:43:17 |
Christian Kujau |
bug |
|
|
added subscriber Christian Kujau |
2019-04-10 11:21:51 |
Laurent Bonnaud |
tags |
apparmor raring saucy |
apparmor bionic disco raring saucy |
|
2019-04-11 01:30:33 |
Daniel van Vugt |
tags |
apparmor bionic disco raring saucy |
apparmor bionic disco |
|
2022-05-24 11:01:25 |
Laurent Bonnaud |
tags |
apparmor bionic disco |
apparmor bionic disco focal jammy |
|