drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in Ubuntu One Client (Aktualisierung)
| Name: |
Mangelnde Prüfung von Zertifikaten in Ubuntu One Client (Aktualisierung) |
|
| ID: |
USN-1465-3 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS |
|
| Datum: |
Do, 7. Juni 2012, 07:46 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4409 |
|
| Update von: |
Mangelnde Prüfung von Zertifikaten in Ubuntu One Client |
|
Originalnachricht |
--===============7817179821779610119==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-litLD/+od1eMuqrdR2OE"
--=-litLD/+od1eMuqrdR2OE
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1465-3
June 06, 2012
ubuntuone-client regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software Description:
- ubuntuone-client: Ubuntu One client
Details:
USN-1465-1 fixed vulnerabilities in Ubuntu One Client. The update failed to
install on certain Ubuntu 10.04 LTS systems that had a legacy Python 2.5
package installed. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Ubuntu One Client incorrectly validated server
certificates when using HTTPS connections. If a remote attacker were able
to perform a man-in-the-middle attack, this flaw could be exploited to
alter or compromise confidential information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
python-ubuntuone-client 1.2.2-0ubuntu2.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1465-3
http://www.ubuntu.com/usn/usn-1465-1
CVE-2011-4409
Package Information:
https://launchpad.net/ubuntu/+source/ubuntuone-client/1.2.2-0ubuntu2.3
--ÕitLD/+od1eMuqrdR2OE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPz7r9AAoJEFHb3FjMVZVzJwgP/2skWfNODWMRoNBTRTKo9hug
AFVIpNi69yMv67FbC0OMDlOu7QE9bYWYPpKSpljTwZ4SO1Gb2cZgXd4axCsqjxm/
o6Mo3ceXWYotvuqn4LIr4QYTYb65aS1YoX26Xh35rEMOqA7XRrHrrfbmFz7irgsn
cv09mnKjRgQ/wQA/GWiceB0aHvEFbwMZ0jW1bIL4+r0jFyfxtemnmilcRoliaJ+f
gN/yzb3fbV4w9heIZe6NCMUzwxqwLobUqLn8xyKrwQt2uFMUSKQq8BdQ+FTfbBZ0
EzGRIBQHBBzYdP8AxuUDeMbCrUejk3ptxS4mjEzMoQF2VrzLbQF3TBdB7Z0jbdbi
f7m+eJtAZzGvcHSribjOE/WH3ov1OHbEkUo0oHzrLBYifdZ+3iav9Gzt+59XO/mK
Bailn6ZicgBzf7qcb7OEAFEqUlAyl5u+ZZNvNWqyS9Go8pzkxDgxy9a2IkPRvh+A
KnWLTAKO7uWe/tKvfPMAei/1rP7vPnlb9h3ttKPZwu87HVKJ0ysS8uP1lGkayWmW
6gQF1p4RDUfqiLqzuwyAt+Jmbj2makWkZe7b/suV6sG+FvbY5iXshOVReppsFMG8
1ACI/BT4pEZvsPwkaTBlaurlgWKXpFuwbxgPKBIztKxFa/JTKrrouUC+Q2RhTZtq
RBJXM0vVy69RfZrcK2+y
=yX0S
-----END PGP SIGNATURE-----
--=-litLD/+od1eMuqrdR2OE--
--===============7817179821779610119==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7817179821779610119==--
|
|
|
|
