drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in elfutils
Name: |
Überschreiben von Dateien in elfutils |
|
ID: |
USN-2482-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
|
Datum: |
Fr, 23. Januar 2015, 08:14 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447 |
|
Applikationen: |
elfutils |
|
Originalnachricht |
--===============4893477300965912965== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="sdtB3X0nJg68CQEu" Content-Disposition: inline
--sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-2482-1 January 23, 2015
elfutils vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
elfutils could be made to overwrite files in the root directory if it received a specially crafted file.
Software Description: - elfutils: collection of utilities to handle ELF objects
Details:
Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libelf1 0.160-0ubuntu2.1
Ubuntu 14.04 LTS: libelf1 0.158-0ubuntu5.2
Ubuntu 12.04 LTS: libelf1 0.152-1ubuntu3.1
Ubuntu 10.04 LTS: libelf1 0.143-1ubuntu0.1
After a standard system update you need to restart applications using libelf1 to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2482-1 CVE-2014-9447
Package Information: https://launchpad.net/ubuntu/+source/elfutils/0.160-0ubuntu2.1 https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.2 https://launchpad.net/ubuntu/+source/elfutils/0.152-1ubuntu3.1 https://launchpad.net/ubuntu/+source/elfutils/0.143-1ubuntu0.1
--sdtB3X0nJg68CQEu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUwaOrAAoJENaSAD2qAscK/ZIP/iBvVartalsHJVl/sBJ4qBJq 0+2dLShK+qkQymShW8fB+QSTbLxqIPw4Mejm002CRU1tSHpFAHUWoYdZsDld87VT 7kISRVY/ZwxmmeKHqBdej5aXvoDG3YdjmnmM/VGFtzm+BlQLY+jFlaRpc9z1WraM yY53kuPJ9JuqVRvoSDppHbNFq0StZTzxfxK+gZ0RlLzYbm2eL80ZBGDKuYRRh+LW WCZX0/Plt3gbX6OMVV2jRvJINPXnT1VxVY3LwzDtsY00ToQvt8LEpUtpgF0Y9dLt RFjKCuk+EOSoHDVGGXNEfbPttLWzcHd2PqM/oY4VSxVrI7sQeieeNWZSOaXL/EWU N/nNQj3xBR5EykU5S3hnQIrGJPKv3wY0/eJmFgFR/6caLuZg7y/xdCNneCtedoTT 3/WPLU0ufECC0w4HM7at+sgDfUc6fQDFUEfYVZV3uJlxYQCypY4qVR0V8i5e55ZN wtRqqhKeyRCzmfzuZ+s+dih7gosUmbyzBi1B0d0CibAtdeiASrERZHYgYChFeUZ4 L7xdfOh/gxk1YE/ri4calLcPmpMvWRTTJFORqF1mZ2q2UnmabKZnYBEzD5rHhYV7 /XI54awmivjEaB09Kjak4wbFnau1PgBR/ifTCVacGT0P1EijQ5o/Oo5yYt/rxAGO qToB5we+yKymM8Pnzt0F =VZ9H -----END PGP SIGNATURE-----
--sdtB3X0nJg68CQEu--
--===============4893477300965912965== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4893477300965912965==--
|
|
|
|