drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in language-selector
Name: |
Ausführen beliebiger Kommandos in language-selector |
|
ID: |
USN-1115-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.10 |
|
Datum: |
Di, 19. April 2011, 22:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0729 |
|
Applikationen: |
language-selector |
|
Originalnachricht |
--===============7035417484665238178== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OpLPJvDmhXTZE4Lg" Content-Disposition: inline
--OpLPJvDmhXTZE4Lg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011
language-selector vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Summary:
Local users could gain root access via the language-selector.
Software Description: - language-selector: Language selector for Ubuntu Linux
Details:
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: language-selector-common 0.6.7
In general, a standard system update will make all the necessary changes.
References: CVE-2011-0729
Package Information: https://launchpad.net/ubuntu/+source/language-selector/0.6.7
--OpLPJvDmhXTZE4Lg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Kees Cook <kees@outflux.net>
iQIcBAEBCgAGBQJNrdcVAAoJEIly9N/cbcAm7uoP/3V4icOYuOEI/jJr+rlawa7a vA5qNxLHlhh/WVxBHD7b6lCK72VqLQ6oc+wGz4NfTgvcNzRdrhQFBtHPgDRi7Ftd RW+fytQS7Pd/1+pm14mm8yxuwmYtk0G3Js8Ku0K1wM7hW6omv5uNrjgVn7Eclxn0 AVWkZqO/QrClEWCxrwYoCUE3vcKLYsm5zKt20r97Y/+pRS1wRr0mFI2I3I4t4tgK ihcTDN5wQawmNAiFSTnbPpT6DTRMGyROMRkVvPFnQd+HB7qyCSgkNVXFaf5aj116 ps57ehG5Dnpy/KS0VUu8f7ofwJ63pUZY+0MKGt4fJ1PvlLlwcVSQI02a0hL521Xm ltCBgxO/VGjK5Rujrr1KnLPl4swAnIxop6QL4b7wfzXa2LPh20qPBCySZayNm185 d5gjBSGHyrE6F7IZCw0QtgYtAsTSx4UyKIm92dPz/LGFLdi97sRyI16rvkbj8AWb sYcsEw/CzWN6A6/ezmC7R4xdsTQQPycfNkZdJ2w+r1SdYTUhF+1O6yD7X+7SO6bw sIVKARZw5r6fKwdEHZLRNo1eT/7STiLpxzhv8Rze1wFrlg9BJwndVnjQPDS275Kz cpFPQuN1+zajI/wl7U2dwaZBEHuVYZRQHDAd9Z6Q0sJNzpJJQJC/iitfw59cLHSL jewp+58KyvWG/KVaEHYj =S/NE -----END PGP SIGNATURE-----
--OpLPJvDmhXTZE4Lg--
--===============7035417484665238178== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7035417484665238178==--
|
|
|
|