Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in Apache
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in Apache
ID: USN-1298-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.04, Ubuntu 11.10
Datum: Mo, 12. Dezember 2011, 21:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729
Applikationen: Apache

Originalnachricht


--===============5981723073357748623==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-k6eamnAO4qBeEtysozi5"


--=-k6eamnAO4qBeEtysozi5
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1298-1
December 12, 2011

commons-daemon vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Apache Commons Daemon would allow unintended access to files over the
network.

Software Description:
- commons-daemon: wrapper to launch Java applications as daemons

Details:

Wilfried Weissmann discovered that Apache Commons Daemon incorrectly
dropped capabilities after starting. A remote attacker could possibly use
this flaw to read certain files, bypassing the intended permissions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libcommons-daemon-java 1.0.6-1ubuntu0.1

Ubuntu 11.04:
libcommons-daemon-java 1.0.4-1ubuntu0.1

After a standard system update you need to restart applications which use
Apache Commons Daemon, such as the Jetty web server, to make all the
necessary changes.

References:
http://www.ubuntu.com/usn/usn-1298-1
CVE-2011-2729

Package Information:
https://launchpad.net/ubuntu/+source/commons-daemon/1.0.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/commons-daemon/1.0.4-1ubuntu0.1



--Ô6eamnAO4qBeEtysozi5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJO5j6iAAoJEGVp2FWnRL6TZ7YQAL3tfpy2EwVWGUPTF0938vOn
jdUde7DlaC9CE6gpNYmTeY5b0dKBSPuMAMsoaWHfKz+Z1j26p+1TBsxg1Byz8b8Q
epiqOSWJMia5U83OxeWPIZU71wicanDLqioZDQLRVJWZbKAmKCDERYtpuotGLlui
tFhPbAusYj9KyfKftnoblKySMv/8EeQs4/P0MTalDlOFSX5nYpLu3YX7T8ZhJQW8
c7fS+0uofQy2vFJCctqoJ4OfKXv+thjBFyyPwtThKWqG1RZE+0E0bt1qxKdStFxV
LmF/u2OuyX/byNMXkgjkMnlr+5YF843pB+J5zNPQetPPPuLbIi6ckgXHAN+EbwJB
IcBqBrKVhsJNpGIJ2ITdOrkEz/YYvMNQ85a/976lmMSQtZ7xiaMa28zZeRnwerd8
oRLM0qIZ655eyaIXXYuoTNciLS9pbhZ/oi6mv6TLdH/mJZvXstHmiJ0Bfs8xE/CE
FqawUMXK5V67DRzUT6bHyUjfbHRDxo0WVLfw3Flfut2rGddHrK1deumcM9LHGdpm
v0SMIq17SNkHrfcoBvDkP6pinxjJRxX1u1Dd17ylHkDhTnQYmrrdPKJHTLgdbYuc
NJBCNhKQbilscEaZwknvK43Rid2XR468Bmu5uzZx/aZ4X1xIIpHhJhu7yu+oWkN8
QvTXxIWE234l8Ud0sgfW
=z4qn
-----END PGP SIGNATURE-----

--=-k6eamnAO4qBeEtysozi5--



--===============5981723073357748623==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============5981723073357748623==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung