drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in Apache
Name: |
Mangelnde Rechteprüfung in Apache |
|
ID: |
USN-1298-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 11.04, Ubuntu 11.10 |
|
Datum: |
Mo, 12. Dezember 2011, 21:45 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729 |
|
Applikationen: |
Apache |
|
Originalnachricht |
--===============5981723073357748623== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-k6eamnAO4qBeEtysozi5"
--=-k6eamnAO4qBeEtysozi5 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1298-1 December 12, 2011
commons-daemon vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10 - Ubuntu 11.04
Summary:
Apache Commons Daemon would allow unintended access to files over the network.
Software Description: - commons-daemon: wrapper to launch Java applications as daemons
Details:
Wilfried Weissmann discovered that Apache Commons Daemon incorrectly dropped capabilities after starting. A remote attacker could possibly use this flaw to read certain files, bypassing the intended permissions.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libcommons-daemon-java 1.0.6-1ubuntu0.1
Ubuntu 11.04: libcommons-daemon-java 1.0.4-1ubuntu0.1
After a standard system update you need to restart applications which use Apache Commons Daemon, such as the Jetty web server, to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1298-1 CVE-2011-2729
Package Information: https://launchpad.net/ubuntu/+source/commons-daemon/1.0.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/commons-daemon/1.0.4-1ubuntu0.1
--Ô6eamnAO4qBeEtysozi5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJO5j6iAAoJEGVp2FWnRL6TZ7YQAL3tfpy2EwVWGUPTF0938vOn jdUde7DlaC9CE6gpNYmTeY5b0dKBSPuMAMsoaWHfKz+Z1j26p+1TBsxg1Byz8b8Q epiqOSWJMia5U83OxeWPIZU71wicanDLqioZDQLRVJWZbKAmKCDERYtpuotGLlui tFhPbAusYj9KyfKftnoblKySMv/8EeQs4/P0MTalDlOFSX5nYpLu3YX7T8ZhJQW8 c7fS+0uofQy2vFJCctqoJ4OfKXv+thjBFyyPwtThKWqG1RZE+0E0bt1qxKdStFxV LmF/u2OuyX/byNMXkgjkMnlr+5YF843pB+J5zNPQetPPPuLbIi6ckgXHAN+EbwJB IcBqBrKVhsJNpGIJ2ITdOrkEz/YYvMNQ85a/976lmMSQtZ7xiaMa28zZeRnwerd8 oRLM0qIZ655eyaIXXYuoTNciLS9pbhZ/oi6mv6TLdH/mJZvXstHmiJ0Bfs8xE/CE FqawUMXK5V67DRzUT6bHyUjfbHRDxo0WVLfw3Flfut2rGddHrK1deumcM9LHGdpm v0SMIq17SNkHrfcoBvDkP6pinxjJRxX1u1Dd17ylHkDhTnQYmrrdPKJHTLgdbYuc NJBCNhKQbilscEaZwknvK43Rid2XR468Bmu5uzZx/aZ4X1xIIpHhJhu7yu+oWkN8 QvTXxIWE234l8Ud0sgfW =z4qn -----END PGP SIGNATURE-----
--=-k6eamnAO4qBeEtysozi5--
--===============5981723073357748623== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5981723073357748623==--
|
|
|
|