Login
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Zertifikaten in libGData
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in libGData
ID: USN-1547-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10
Datum: Mi, 29. August 2012, 07:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1177
Applikationen: libGData

Originalnachricht


--===============2916892917229801891==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="n/aVsWSeQ4JHkrmm"
Content-Disposition: inline


--n/aVsWSeQ4JHkrmm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1547-1
August 28, 2012

libgdata, evolution-data-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Applications using GData services could be made to expose sensitive
information over the network.

Software Description:
- libgdata: Library to access GData services
- evolution-data-server: Evolution suite data server

Details:

Vreixo Formoso discovered that the libGData library, as used
by Evolution and other applications, did not properly verify SSL
certificates. A remote attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter data
transmitted via the GData protocol.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libgdata13 0.9.1-0ubuntu2.1

Ubuntu 11.04:
libgdata11 0.8.0-0ubuntu1.1

Ubuntu 10.04 LTS:
libgdata-google1.2-1 2.28.3.1-0ubuntu6.1
libgdata1.2-1 2.28.3.1-0ubuntu6.1
libgdata6 0.5.2-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1547-1
CVE-2012-1177

Package Information:
https://launchpad.net/ubuntu/+source/libgdata/0.9.1-0ubuntu2.1
https://launchpad.net/ubuntu/+source/libgdata/0.8.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/evolution-data-server/2.28.3.1-0ubuntu6.1
https://launchpad.net/ubuntu/+source/libgdata/0.5.2-0ubuntu1.1


--n/aVsWSeQ4JHkrmm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQPVIsAAoJEC8Jno0AXoH06rMQAJVCxhbrLYV5ZxYnHIVyW4Vt
43hNCnpKYeHqNvXvevNHbg0Clm0cbXF1YvVopRH+cLXAxLqc4yDUM7Y4EGuJAEeG
CqYdHVUnd0iEmiLWX6hca2Eqoy8MUfUXZvXTV36SB5SUjtHcFo9Juo93TRVSr6I9
ZERwTf9nOd03uN65eqnIQNqlwiT0OOh+utxT3ykIX1cZ6OlRHwkwnvvFPSUaDjeW
iGJnVK2Vjo925WaNoDzqj/WTAYAeeeoJKR3dhjM1azV/4KzS48lWacmcy2q2nPdo
GzjUqaAVj7mSo00hkrsWFWt/62iLxrUse1xumlDAZM5BZsLDwqix56X3JR71Z2QG
1k2pzr2L4A1fhZuuFIwGmPQj7xrMnBuupxCSAMWLwcadD70iKk75XI/lJxS5Un6H
jsvqB5CF37YPjxj1cMk2fFPVtyl35hf16ilAhzG0wG57x9GE6xZx+CgDKkrjM8gG
9tjS/gzVYAghCE0R9tcCvSN0g2Fy5bXhyzFFI4XOtMbWkWbfW5fGcW69MjWTKjLe
/QK34dXsFD10x/dBaorzGX6KO4itTD+2qFIrM1z2CJSSssfkkiSzfazIUfbqCX6Z
980s1JYEqomOzT5bJHKCFuRDs0Czh7b+ikF1BU0+DJ9ibxfgRvS6sFNgEPe4FRgk
4F+AjlZC5v0AiHrwIv2u
=ScZf
-----END PGP SIGNATURE-----

--n/aVsWSeQ4JHkrmm--


--===============2916892917229801891==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2916892917229801891==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung