drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in colord
Name: |
Ausführen beliebiger Kommandos in colord |
|
ID: |
USN-1289-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 11.10 |
|
Datum: |
Mi, 7. Dezember 2011, 22:39 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4349 |
|
Applikationen: |
colord |
|
Originalnachricht |
--===============0001219432266679484== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-z7XwD1UpxtL7t/U0UTG9"
--=-z7XwD1UpxtL7t/U0UTG9 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1289-1 December 07, 2011
colord vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
colord could be made to modify databases.
Software Description: - colord: Service to manage device colour profiles
Details:
It was discovered that colord incorrectly handled certain SQL queries. A local attacker could exploit this to modify arbitrary sqlite databases. On Ubuntu, colord runs as its own user by default, so standard file permissions would limit which databases could be altered.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: colord 0.1.12-1ubuntu2.1
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1289-1 CVE-2011-4349
Package Information: https://launchpad.net/ubuntu/+source/colord/0.1.12-1ubuntu2.1
--Ó7XwD1UpxtL7t/U0UTG9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJO37z9AAoJEGVp2FWnRL6Tp/gP/iAQCUKTVISQUiAMJT6zsBun 4WZKEO6Gd8esQyuTxfEYMN69VA5x6zI87oR1nuPodUvFjRSs/5XvQeaGRMMpmYw3 jYwmm7AWfXbtdy1B68YWDVzIbyUz65u3qC+0+tqLCjNqQKne3TSeCDfolCs/Amk2 EoYNM7f98ZGAalnKoSS3CoYXQb4Z45Q07frSMFBYNyr9632InkpFgNQftE4UazB/ hsLBQiDd4rtrjLUV0OD1tguLXcsSXo5GoJYzGQlltINweSU9gA9hi68k6ve6Vl75 gT2ECKLbuabU77ineEMT8OYLqKiqq3fcAW6NozSwoewX7ad6hrNxiqnfQEMwXrWa dIqSWYNXSYKLGaCqnC7OtJEI4YFCHp7KPeNn8OoOGWAaBkkl1IspdsxajXvks3qs vZm9KrM+f7ObScFR/pg9KNvXBgMDzJjkCmtFONR4pmfZ2qguxeSDeWd5n94iaZaQ +ucBPpkmLeBGLPlw2N/TdVcopQL8KwWGw+hnD/JfS34bo8Y4QyYllg8Fn6IZIiEv v3wS6gnD45q029r1IxcseTsDFUTjNAldR6qY0RQpZs9JQyexK0tAMTM5QWeJBEnp FcFKL19U8/XUvFOgfdDS/DV+SiJb+rfg/69xb/EQ//4RCMwgmDyBxrG79GBBvJLz oStsy0oZYn+HMG07SYDu =4jY0 -----END PGP SIGNATURE-----
--=-z7XwD1UpxtL7t/U0UTG9--
--===============0001219432266679484== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0001219432266679484==--
|
|
|
|