drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in accountsservice
| Name: |
Preisgabe von Informationen in accountsservice |
|
| ID: |
USN-1485-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 11.10, Ubuntu 12.04 LTS |
|
| Datum: |
Do, 28. Juni 2012, 20:55 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2737 |
|
Originalnachricht |
--===============1381207849678728701==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-OzW/AkbAKiFnc3xNDziv"
--=-OzW/AkbAKiFnc3xNDziv
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1485-1
June 28, 2012
accountsservice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Summary:
AccountsService could be made to read arbitrary files as the administrator.
Software Description:
- accountsservice: query and manipulate user account information
Details:
Florian Weimer discovered that AccountsService incorrectly handled
privileges when copying certain files to the system cache directory. A
local attacker could exploit this issue to read arbitrary files, bypassing
intended permissions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
accountsservice 0.6.15-2ubuntu9.1
libaccountsservice0 0.6.15-2ubuntu9.1
Ubuntu 11.10:
accountsservice 0.6.14-1git1ubuntu1.2
libaccountsservice0 0.6.14-1git1ubuntu1.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1485-1
CVE-2012-2737
Package Information:
https://launchpad.net/ubuntu/+source/accountsservice/0.6.15-2ubuntu9.1
https://launchpad.net/ubuntu/+source/accountsservice/0.6.14-1git1ubuntu1.2
--ØzW/AkbAKiFnc3xNDziv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJP7KPhAAoJEGVp2FWnRL6TYvYP+gOqFieelELwCFm1KS9GSqXK
ZgjNQuHZQkb3qiObZUf/qGTaI9uZCUjCxgy7OoN/zwzoW4xFzdlM8xIBU8Uh6sj1
vni2gNQ4uAK36u/ILqMQC8y0SHI+xal7xnYNxcFtIg+JU5OVTyfTxjEwM7JGkfca
dypkzlW6INDj8utY1JG50ALOgzWVNWPYm0prkBFq7uMsBERUmdUY9gb7c4+Jm+kg
67TWw4xyp4LBdtlJhNwNbYQ+64lU3hvuVYGW1/Lp/Q/J7Tpo1pfKvpevWryM/HIF
bJFQcI9ULhoOo9gsr37YUylQ0Ig9EBiKMv6CDn/IM1moPvACEaQD8CqRvDbeasNs
QgEcPfzOwNyy+vFSbH67YAd/9br6jAfjRsa9jk8MJrL/nBOifz8XqnDY/6YCx7AQ
dqxNH1D+AoaOy3TR6gZZmqpjHehKqKhpJl/UpKFN2fvC4c2bOErG2Lbp38lkwfnP
rzyW/pXHVz93ybvYQwKU1fBy4zDBGHkKLjwWLqTGT9Vqxg/NS/mke6vOt/PusT18
o8x1k9VE7buFMP2JV/HWpUc9r6LLpqkIDRRbyJ/nu9+DghRCi2Lh3lskH/JcbOzY
8CbAonTRdqPTsN02soJePo9XY/YiZQC6flqrGhC+OKUXoR7n4+qMwwehPuq0rNm1
nxGhBWmWv9T2XcKGhxlQ
=Z1+w
-----END PGP SIGNATURE-----
--=-OzW/AkbAKiFnc3xNDziv--
--===============1381207849678728701==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1381207849678728701==--
|
|
|
|
