drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in X.Org (Aktualisierung)
Name: |
Mehrere Probleme in X.Org (Aktualisierung) |
|
ID: |
USN-1232-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10 |
|
Datum: |
Fr, 21. Oktober 2011, 11:34 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4818 |
|
Applikationen: |
X11 |
|
Update von: |
Mehrere Probleme in X.Org |
|
Originalnachricht |
--===============3235241638145770196== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-GF0pTBkJWX1iS/g0ieFP"
--=-GF0pTBkJWX1iS/g0ieFP Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1232-3 October 20, 2011
xorg-server vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
The X server could be made to crash or run programs as an administrator.
Software Description: - xorg-server: X.Org X server
Details:
USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818) It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819) Vladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028) Vladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: xserver-xorg-core 2:1.9.0-0ubuntu7.6
Ubuntu 10.04 LTS: xserver-xorg-core 2:1.7.6-2ubuntu7.10
After a standard system update you need to restart your session to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1232-3 http://www.ubuntu.com/usn/usn-1232-1 CVE-2010-4818
Package Information: https://launchpad.net/ubuntu/+source/xorg-server/2:1.9.0-0ubuntu7.6 https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.10
--ÐF0pTBkJWX1iS/g0ieFP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOoKxrAAoJEGVp2FWnRL6T4rUP/0V8ew4zdJZ2xTXfPissKINm 8jiYcuJk/wjweZxQ5WSDBR+wKduupGPSsvc+k7tTr7ikro0iMySx5VOlD9QIpy0B mxiy2K2BYQpgpU+8u4QajkC3GjjMvgef/cFhtOm9yZMi8n/jLJ2Oyj7WdX66wb6x MmOKf35jvhDsCLHyWBGLdapXAQ7FTs26sChdZvxaR28mYGxs3ALchq1gLcKFw4kH MbDJ0Y8Mdg7ELuuJ1I0oRjmvH3kiW2573X0Magv0xhujkRhQUxprslUGkTt3D3k/ 1RFGGVbJEwbJ9Hsd2UwXBcCPSlA/lKD7sbFQDyK14vCWmVV9WuY5fbxPEkzGP57r Jy+J6a2co+/WJNuQ1wKNrNgZ47jjKp1YAODng64+wA9cB/cV3igYkiTWvH76IqMT +lyoeeID1plCkkVrO3UYXEsh4nhVjOFU31BOnGErW5+oRepwwAgSqOcm81JBX373 5rCTTZh7t23A1Wc8OAJ6iqaHglgLYs2/trgr3nBlfnE1EK2MyUUShQGYaXjqJtKT 8mXwD8n0kryyCZDYGuH5o1PBT8Y3lWsNmW2It0JdqCyYimzAtIdz4YQi3+5526R5 eYavXu9JpXlZRVe24L3Ti0qBaElsr6vOdKQYnyhVwsWuupmPtoZl9NzumVKglW7P EFaGeUJdeWIEzNIuTYzT =ZJao -----END PGP SIGNATURE-----
--=-GF0pTBkJWX1iS/g0ieFP--
--===============3235241638145770196== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3235241638145770196==--
|
|
|
|