Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in colord
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in colord
ID: USN-1289-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.10
Datum: Mi, 7. Dezember 2011, 22:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4349
Applikationen: colord

Originalnachricht


--===============0001219432266679484==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-z7XwD1UpxtL7t/U0UTG9"


--=-z7XwD1UpxtL7t/U0UTG9
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1289-1
December 07, 2011

colord vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

colord could be made to modify databases.

Software Description:
- colord: Service to manage device colour profiles

Details:

It was discovered that colord incorrectly handled certain SQL queries. A
local attacker could exploit this to modify arbitrary sqlite databases. On
Ubuntu, colord runs as its own user by default, so standard file
permissions would limit which databases could be altered.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
colord 0.1.12-1ubuntu2.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1289-1
CVE-2011-4349

Package Information:
https://launchpad.net/ubuntu/+source/colord/0.1.12-1ubuntu2.1



--Ó7XwD1UpxtL7t/U0UTG9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJO37z9AAoJEGVp2FWnRL6Tp/gP/iAQCUKTVISQUiAMJT6zsBun
4WZKEO6Gd8esQyuTxfEYMN69VA5x6zI87oR1nuPodUvFjRSs/5XvQeaGRMMpmYw3
jYwmm7AWfXbtdy1B68YWDVzIbyUz65u3qC+0+tqLCjNqQKne3TSeCDfolCs/Amk2
EoYNM7f98ZGAalnKoSS3CoYXQb4Z45Q07frSMFBYNyr9632InkpFgNQftE4UazB/
hsLBQiDd4rtrjLUV0OD1tguLXcsSXo5GoJYzGQlltINweSU9gA9hi68k6ve6Vl75
gT2ECKLbuabU77ineEMT8OYLqKiqq3fcAW6NozSwoewX7ad6hrNxiqnfQEMwXrWa
dIqSWYNXSYKLGaCqnC7OtJEI4YFCHp7KPeNn8OoOGWAaBkkl1IspdsxajXvks3qs
vZm9KrM+f7ObScFR/pg9KNvXBgMDzJjkCmtFONR4pmfZ2qguxeSDeWd5n94iaZaQ
+ucBPpkmLeBGLPlw2N/TdVcopQL8KwWGw+hnD/JfS34bo8Y4QyYllg8Fn6IZIiEv
v3wS6gnD45q029r1IxcseTsDFUTjNAldR6qY0RQpZs9JQyexK0tAMTM5QWeJBEnp
FcFKL19U8/XUvFOgfdDS/DV+SiJb+rfg/69xb/EQ//4RCMwgmDyBxrG79GBBvJLz
oStsy0oZYn+HMG07SYDu
=4jY0
-----END PGP SIGNATURE-----

--=-z7XwD1UpxtL7t/U0UTG9--



--===============0001219432266679484==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0001219432266679484==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung