drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in Apache
| Name: |
Mangelnde Rechteprüfung in Apache |
|
| ID: |
USN-1298-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 11.04, Ubuntu 11.10 |
|
| Datum: |
Mo, 12. Dezember 2011, 21:45 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729 |
|
| Applikationen: |
Apache |
|
Originalnachricht |
--===============5981723073357748623==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-k6eamnAO4qBeEtysozi5"
--=-k6eamnAO4qBeEtysozi5
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1298-1
December 12, 2011
commons-daemon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
Apache Commons Daemon would allow unintended access to files over the
network.
Software Description:
- commons-daemon: wrapper to launch Java applications as daemons
Details:
Wilfried Weissmann discovered that Apache Commons Daemon incorrectly
dropped capabilities after starting. A remote attacker could possibly use
this flaw to read certain files, bypassing the intended permissions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libcommons-daemon-java 1.0.6-1ubuntu0.1
Ubuntu 11.04:
libcommons-daemon-java 1.0.4-1ubuntu0.1
After a standard system update you need to restart applications which use
Apache Commons Daemon, such as the Jetty web server, to make all the
necessary changes.
References:
http://www.ubuntu.com/usn/usn-1298-1
CVE-2011-2729
Package Information:
https://launchpad.net/ubuntu/+source/commons-daemon/1.0.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/commons-daemon/1.0.4-1ubuntu0.1
--Ô6eamnAO4qBeEtysozi5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJO5j6iAAoJEGVp2FWnRL6TZ7YQAL3tfpy2EwVWGUPTF0938vOn
jdUde7DlaC9CE6gpNYmTeY5b0dKBSPuMAMsoaWHfKz+Z1j26p+1TBsxg1Byz8b8Q
epiqOSWJMia5U83OxeWPIZU71wicanDLqioZDQLRVJWZbKAmKCDERYtpuotGLlui
tFhPbAusYj9KyfKftnoblKySMv/8EeQs4/P0MTalDlOFSX5nYpLu3YX7T8ZhJQW8
c7fS+0uofQy2vFJCctqoJ4OfKXv+thjBFyyPwtThKWqG1RZE+0E0bt1qxKdStFxV
LmF/u2OuyX/byNMXkgjkMnlr+5YF843pB+J5zNPQetPPPuLbIi6ckgXHAN+EbwJB
IcBqBrKVhsJNpGIJ2ITdOrkEz/YYvMNQ85a/976lmMSQtZ7xiaMa28zZeRnwerd8
oRLM0qIZ655eyaIXXYuoTNciLS9pbhZ/oi6mv6TLdH/mJZvXstHmiJ0Bfs8xE/CE
FqawUMXK5V67DRzUT6bHyUjfbHRDxo0WVLfw3Flfut2rGddHrK1deumcM9LHGdpm
v0SMIq17SNkHrfcoBvDkP6pinxjJRxX1u1Dd17ylHkDhTnQYmrrdPKJHTLgdbYuc
NJBCNhKQbilscEaZwknvK43Rid2XR468Bmu5uzZx/aZ4X1xIIpHhJhu7yu+oWkN8
QvTXxIWE234l8Ud0sgfW
=z4qn
-----END PGP SIGNATURE-----
--=-k6eamnAO4qBeEtysozi5--
--===============5981723073357748623==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5981723073357748623==--
|
|
|
|
