drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in cifs-utils
| Name: |
Denial of Service in cifs-utils |
|
| ID: |
USN-1226-2 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Mi, 5. Oktober 2011, 07:24 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2724 |
|
| Applikationen: |
cifs-utils |
|
Originalnachricht |
--===============7468540522578374557==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-PLJBX+iCv48gCgCKdrky"
--=-PLJBX+iCv48gCgCKdrky
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1226-2
October 04, 2011
cifs-utils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
Summary:
An attacker could trick cifs-utils into corrupting the system mtab file.
Software Description:
- cifs-utils: Common Internet File System utilities
Details:
Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the
mtab file. A local attacker could use this issue to corrupt the mtab file,
possibly leading to a denial of service. (CVE-2011-1678)
Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain
strings being added to the mtab file. A local attacker could use this issue
to corrupt the mtab file, possibly leading to a denial of service.
(CVE-2011-2724)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
smbfs 2:4.5-2ubuntu0.11.04.1
Ubuntu 10.10:
smbfs 2:4.5-2ubuntu0.10.10.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1226-2
http://www.ubuntu.com/usn/usn-1226-1
CVE-2011-1678, CVE-2011-2724
Package Information:
https://launchpad.net/ubuntu/+source/cifs-utils/2:4.5-2ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/cifs-utils/2:4.5-2ubuntu0.10.10.1
--ÙLJBX+iCv48gCgCKdrky
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOi2quAAoJEGVp2FWnRL6TJKgQAJiSoFv8KPjGTWHDO4MbrkiN
KQ0FcQgL9oZflHX/AXALHSYu2FYaXGdpYFL8MVSXClUK84o9RxzzVv0LR2Ha0Vpz
X28ZG58Yi7zdst9butAe0yJoRVJ3vekLBhl3+2P54sqL+ybXnjkrE+SGkdX1mbY1
UDixMJzsgjdeznkp3L6PagCsOxi195LnFuYU5cE6z+d0elZtLlWiGLmpPtCjdTmg
nTF/TmDBG+XxiLcKg7/S+3i98DqT9RPIEEW53Urv3l++w7wyvgkINivnyuoyzy/b
QtlW/SRJPSWTeUk8i1XYdNR7kzL0mU7XLNOaTMGCi9XQ5iMQZSXwy0GVI92v/CvN
hdXty49W1Z4CCkyJ30B1FuOMdG2yAlot0607ppvOEMfHWlL47Rg80Tpb+bbd0Nyc
gqUCGyorSlvdOS/7SOscXfK267b6oinuSxcneU1Ag1WMqSITRRNSjirZxgi8I/u7
dz7nY8lsEJA1kTrlcgh9EJVqEkF+xml1fC+iYDqMbX3qzS1RfArljyoy2Wm2FD8C
3dRr68FDBaoKB4MfcxF/+Fz70hD8GNbiqYSX9zVec2iaw2oJ9AwuZGe66NOoQSo4
rIlZE33tfBPYbG5DvbBhQfmOK1zRn4fprIuGKn+abJ4G19b3n/sgDeZeuFvmJIbe
tT33txpvBs2wNrF47Mpt
=j/Op
-----END PGP SIGNATURE-----
--=-PLJBX+iCv48gCgCKdrky--
--===============7468540522578374557==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7468540522578374557==--
|
|
|
|
