drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in NSPR
Name: |
Ausführen beliebiger Kommandos in NSPR |
|
ID: |
USN-2087-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.10 |
|
Datum: |
Do, 23. Januar 2014, 20:55 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607 |
|
Applikationen: |
NSPR |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============7097129875844778419== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2087-1 January 23, 2014
nspr vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
NSPR could be made to crash or run programs if it received a specially crafted certificate.
Software Description: - nspr: NetScape Portable Runtime Library
Details:
It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libnspr4 2:4.9.5-1ubuntu1.1
Ubuntu 12.10: libnspr4 4.9.5-0ubuntu0.12.10.2
Ubuntu 12.04 LTS: libnspr4 4.9.5-0ubuntu0.12.04.2
Ubuntu 10.04 LTS: libnspr4-0d 4.9.5-0ubuntu0.10.04.2
After a standard system update you need to restart your session to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2087-1 CVE-2013-5607
Package Information: https://launchpad.net/ubuntu/+source/nspr/2:4.9.5-1ubuntu1.1 https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.10.2 https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.10.04.2
--EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJS4UGlAAoJEGVp2FWnRL6TKeYQAKMjfYckdA8fcJG+cu5nXtJq FKDVJ4fDKjcQP/aCw5x5/0Do8IsLC2Pe2dgbLgIyNY5DLvcQaVM5TtRsfXvA2H2b RP3HlRVedcoCRh7H5ha+VDR+7kYaGVupKf8kwyDsumt/wYFYKHDGtBJDsiXN79JA krY7Ghvlr3L2JiALlPHsghSkQC6UwQ32qRBWOP0IT8vWtaX6nrB2l7HNQPxkNrm1 6rEQt/OIaRRbAmrkEnjXd9p0mzC86gcszohYzxXf83HWONMg7SbijLvSdz8LzR1N zMhU3Rn/aa0H1jJ/d/zD6ftzsnYKzVaavl3Q/Nsmic7kAbNuZp6wmwf5PgR0vGo6 E30KS6vi9qI1FHxnBdtfdTy+MCubDZgHTJmgB6Mnr2ciLJHABLV9rPN49g9BtqNP mvweiPecGxD6CSHgR1PyrVCY35+jcdNUNdhSCqJR/j4kDnybPa64UCplhpOs8keQ Kn1i2fuRd8BUgiWIJk8i2EUYn+GPao8FqKAuQ/GOkaHBE/Dr5ogtIJx1V7FUYgKU v0BdhWW0HoSUaA6/LSd3tEEEs7tpzWV+y0AJ3cfTnt2e2dFJiolo6AK06Pozu9zC 45J1ZpBM5tae0seIpOr5z3GlK9yt1FXRDoNGrz+8TRxEyKSciVP9axP0vs6RWOnt KcbQSmUwKDjf4xi84DVJ =vLNM -----END PGP SIGNATURE-----
--EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ--
--===============7097129875844778419== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7097129875844778419==--
|
|
|
|