drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in unity-firefox-extension
| Name: |
Ausführen beliebiger Kommandos in unity-firefox-extension |
|
| ID: |
USN-1639-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 12.10 |
|
| Datum: |
Do, 22. November 2012, 20:49 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0960
https://launchpad.net/ubuntu/+source/unity-firefox-extension/2.4.1-0ubuntu1.1 |
|
| Applikationen: |
unity-firefox-extension |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============3649529665688277400==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig30A05F030DD4F50BF94715E7"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig30A05F030DD4F50BF94715E7
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1639-1
November 22, 2012
unity-firefox-extension vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
unity-firefox-extension could be made to crash or run programs as your
login if it opened a malicious website.
Software Description:
- unity-firefox-extension: Firefox extension: Unity Integration
Details:
It was discovered that unity-firefox-extension incorrectly handled certain
callbacks. A remote attacker could use this issue to cause
unity-firefox-extension to crash, resulting in a denial of service, or
possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
xul-ext-unity 2.4.1-0ubuntu1.1
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
http://www.ubuntu.com/usn/usn-1639-1
CVE-2012-0960
Package Information:
https://launchpad.net/ubuntu/+source/unity-firefox-extension/2.4.1-0ubuntu1.1
--------------enig30A05F030DD4F50BF94715E7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJQrmvWAAoJEGVp2FWnRL6Tt8gP/3oBDyisLL3jXlZmyuCq6nDK
5DXCG03LZ6nE4RZUytGX6T3e2aHqq6ZgskwMMjm3YGTwALQYCKkLbxmxOckle6pr
XvSF30MJeej6/0UBpJgcfcLK+9YDPoNjbXPT83gfufaWLM+Hiyzc91IxNogead0d
qokAaH21x3wBThSw9fm9nVYpWasfQlZaV+HqPwDgd2yec7ulwwJHnI4LUEI2w5Kl
3Hl4cxXtvHX2K6yI/9FSsO/ui2n6M2j4m4dYkVQoT1L8QXtWTJq3rzng0sAIVK/N
84RfV1ynvpU8Vzk0vHsoCyz1hzFKzpelldwWZhetbewSobp7FETcvJpzFOvZx4C5
6tNxYJCRZNXwu1VmICRz8ydSCFkplv4Hd4pu4nosdjcwpSDIh39FCuHZZtiRjPgK
j5A3E7EJO/jlTaWmNte8HRzckDJgv25YegRcZZIXutGW7+WZXyE5/KA1vQJu0JC4
Fge1N3FX/4X6a7z5eEndtCmZqUkB3HspN6u5P7wHxd6IS0vv3wObIrNJKZdG9W2P
f/vpr0AkgTQj9/+kIPO4ez2rWrF2Q9GSrE1r+be9fwgRNDxT29lXpvq8vTmW9o9C
zuNlAnhLFZ5EzjmVnlRqLzen3BLdW6yMLqJ66kcRrAdu4Ofr1Fqf0QG8djV4ikvy
dGX+9RR07okwCrUpvnSy
=xamd
-----END PGP SIGNATURE-----
--------------enig30A05F030DD4F50BF94715E7--
--===============3649529665688277400==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3649529665688277400==--
|
|
|
|
