drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in dpkg
Name: |
Mangelnde Prüfung von Zertifikaten in dpkg |
|
ID: |
USN-2566-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
|
Datum: |
Do, 9. April 2015, 22:30 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0840 |
|
Applikationen: |
dpkg |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5280573189014685634== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="TX9Gr6s35AWNsE7qJRiqLqt0jdWhTU6iX"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --TX9Gr6s35AWNsE7qJRiqLqt0jdWhTU6iX Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2566-1 April 09, 2015
dpkg vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
dpkg could be tricked into bypassing source package signature checks.
Software Description: - dpkg: Debian package management system
Details:
Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libdpkg-perl 1.17.13ubuntu1.1
Ubuntu 14.04 LTS: libdpkg-perl 1.17.5ubuntu5.4
Ubuntu 12.04 LTS: libdpkg-perl 1.16.1.2ubuntu7.6
Ubuntu 10.04 LTS: dpkg-dev 1.15.5.6ubuntu4.10
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2566-1 CVE-2015-0840
Package Information: https://launchpad.net/ubuntu/+source/dpkg/1.17.13ubuntu1.1 https://launchpad.net/ubuntu/+source/dpkg/1.17.5ubuntu5.4 https://launchpad.net/ubuntu/+source/dpkg/1.16.1.2ubuntu7.6 https://launchpad.net/ubuntu/+source/dpkg/1.15.5.6ubuntu4.10
--TX9Gr6s35AWNsE7qJRiqLqt0jdWhTU6iX Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVJtcNAAoJEGVp2FWnRL6TsuEP/3U2vsinBdEUpQhz5GMY3Pbq Mp3CkTKXhOwMW1MTWzlfg47jHMpt210QSgoDc7FgGmHRgb+Xrt/cdhT8v8wiriS0 dKaIJSlMAhnqXb3a6MHTT/NbVh5nUdv6389cJZ5jqpX6tRiPGPjtrSpP9/HSb/MA AQ5XFhkHGWnqvD1RusFYjAKW0TUvfMh8cLdGX7DRuwZGoovTUYK+b/ZvyxWNVs5l 58CqwgzBgGLr5mbnDmAAT5V54mic2P8tm00cHEtNwLojWSF3+2Wsik0wbOjitS8W JnohaExt0AFjQJ6ttXdXGeGFy8Pk2XFcFV3qZIgpeAWC8ZAHmf/R9/2e0jZZUTdT wVaFNmy/9b30gA5GpCxPZ4qaQzSxLCVljoMV9Zzmcj1heiIjg+06N1+3MWATBP+j zQ5piGMdwOCN7tEg18AzYb9jd9tbWF6R6a/vA8ABfdFyHSym1VHmZWcPPJ6hW748 MeHGBW97PjSo7whZpypedlSQYUSQdtqK/wu+mCejeXa3GW+YNzTxhJ+DJa0VknPh PvreAWi9s7BFqw+Rkr4hXuDXglEY3P3badexqp18FS4cJzirEm9sdtTkCEGxl/iT 3segVkJTH01xuKJoCc8o7VJURGMe07eZdKyXQ3YF1ILNeY92pth5UMpOW3SPBrDC MjGSW+VpgLI63RVNA9m8 =RY8E -----END PGP SIGNATURE-----
--TX9Gr6s35AWNsE7qJRiqLqt0jdWhTU6iX--
--===============5280573189014685634== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5280573189014685634==--
|
|
|
|