drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in language-selector
| Name: |
Ausführen beliebiger Kommandos in language-selector |
|
| ID: |
USN-1115-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.10 |
|
| Datum: |
Di, 19. April 2011, 22:49 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0729 |
|
| Applikationen: |
language-selector |
|
Originalnachricht |
--===============7035417484665238178==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="OpLPJvDmhXTZE4Lg"
Content-Disposition: inline
--OpLPJvDmhXTZE4Lg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-1115-1
April 19, 2011
language-selector vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Summary:
Local users could gain root access via the language-selector.
Software Description:
- language-selector: Language selector for Ubuntu Linux
Details:
Romain Perier discovered that the language-selector D-Bus backend did not
correctly check for Policy Kit authorizations. A local attacker could exploit
this to inject shell commands into the system-wide locale configuration file,
leading to root privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
language-selector-common 0.6.7
In general, a standard system update will make all the necessary changes.
References:
CVE-2011-0729
Package Information:
https://launchpad.net/ubuntu/+source/language-selector/0.6.7
--OpLPJvDmhXTZE4Lg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net>
iQIcBAEBCgAGBQJNrdcVAAoJEIly9N/cbcAm7uoP/3V4icOYuOEI/jJr+rlawa7a
vA5qNxLHlhh/WVxBHD7b6lCK72VqLQ6oc+wGz4NfTgvcNzRdrhQFBtHPgDRi7Ftd
RW+fytQS7Pd/1+pm14mm8yxuwmYtk0G3Js8Ku0K1wM7hW6omv5uNrjgVn7Eclxn0
AVWkZqO/QrClEWCxrwYoCUE3vcKLYsm5zKt20r97Y/+pRS1wRr0mFI2I3I4t4tgK
ihcTDN5wQawmNAiFSTnbPpT6DTRMGyROMRkVvPFnQd+HB7qyCSgkNVXFaf5aj116
ps57ehG5Dnpy/KS0VUu8f7ofwJ63pUZY+0MKGt4fJ1PvlLlwcVSQI02a0hL521Xm
ltCBgxO/VGjK5Rujrr1KnLPl4swAnIxop6QL4b7wfzXa2LPh20qPBCySZayNm185
d5gjBSGHyrE6F7IZCw0QtgYtAsTSx4UyKIm92dPz/LGFLdi97sRyI16rvkbj8AWb
sYcsEw/CzWN6A6/ezmC7R4xdsTQQPycfNkZdJ2w+r1SdYTUhF+1O6yD7X+7SO6bw
sIVKARZw5r6fKwdEHZLRNo1eT/7STiLpxzhv8Rze1wFrlg9BJwndVnjQPDS275Kz
cpFPQuN1+zajI/wl7U2dwaZBEHuVYZRQHDAd9Z6Q0sJNzpJJQJC/iitfw59cLHSL
jewp+58KyvWG/KVaEHYj
=S/NE
-----END PGP SIGNATURE-----
--OpLPJvDmhXTZE4Lg--
--===============7035417484665238178==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7035417484665238178==--
|
|
|
|
