© 2012 Pro-Linux
Mangelnde Rechteprüfung in X.Org
| ID: | USN-1349-1 |
| Distribution: | Ubuntu |
| Plattformen: | Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10 |
| Datum: | Do, 26. Januar 2012, 22:35 |
| Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4613 |
Originalnachricht |
|
--===============5741918688863420434== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-nIhaskgV674S/o7iKgYf" --=-nIhaskgV674S/o7iKgYf Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1349-1 January 26, 2012 xorg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: X could be made to start by a user who lacked appropriate permissions. Software Description: - xorg: X.Org X Window System Details: It was discovered that the X wrapper incorrectly checked certain console permissions when launched by unprivileged users. An attacker connected remotely could use this flaw to start X, bypassing the console permissions check. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: xserver-xorg 1:7.6+7ubuntu7.1 Ubuntu 11.04: xserver-xorg 1:7.6+4ubuntu3.2 Ubuntu 10.10: xserver-xorg 1:7.5+6ubuntu3.1 Ubuntu 10.04 LTS: xserver-xorg 1:7.5+5ubuntu1.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1349-1 CVE-2011-4613 Package Information: https://launchpad.net/ubuntu/+source/xorg/1:7.6+7ubuntu7.1 https://launchpad.net/ubuntu/+source/xorg/1:7.6+4ubuntu3.2 https://launchpad.net/ubuntu/+source/xorg/1:7.5+6ubuntu3.1 https://launchpad.net/ubuntu/+source/xorg/1:7.5+5ubuntu1.1 --×IhaskgV674S/o7iKgYf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABCgAGBQJPIZ4WAAoJEGVp2FWnRL6TEqwQAIveOI36ShwzqPoe3dmGnTlI dCBx9Sp1I25E72tm9SKNfmLjxLT10t9EcAt9mAuqsxx5PAfx22IXkAHXE35MkFNF Ypnd3ktWxLUxg5K8FsNTKBs77uBIoY9U6hXxsafze3cr1EVzCMR+pQo6/xMzIoqa 2Brr4a2+vL0gAJqL5XtCtJIhDpF/8DznXDLszMfQGOXH1QlRUnvgc4OSx+4aXvXU LEAup4kgJWmK5JSLwoRngZcRo5CYIALFuAfQUdnFKdw8ItbjvpfCGz4uUiMZ+cFj g7ymy0v8A7hyqh5W2vTZP3EpStsn27efqjlj6xm4ECu2qpCJVIu1GaIv0e4yct5S JKz88nc9bpK0KRmz5PsB+mkBumOCv5++wLSbqNUecx24JjKg3O0Punc27kxxyKJ8 VDkxxfuoFNmRVD25IHn9oLuSfmESQRKK7IOaerFEvjigQEdM+ITVrHlp/9HATTgX UanJHC9XeDVdLHtRQZp/L5X/8129e7Fln4bPcpQwoSodmGo0vcd3qxaY0RI+/8+S w3QUb/09Wzmdt9qEBchSdAy1cabErinPkxtrO6ITOXtd6+NFMiebYakWPX8LExCo VJ3pdQ3p/2sxrjQpcvZQZwcYj7ulEHNz80b7+zvxmqpG3Cp9y2lQUXyCcjm2TM5E ZluHU8yPXD2G5BdCf64K =kHGa -----END PGP SIGNATURE----- --=-nIhaskgV674S/o7iKgYf-- --===============5741918688863420434== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============5741918688863420434==-- | |