
Security: Insufficient certificate validation in Software Properties
Name: Insufficient certificate validation in Software Properties
ID: USN-1352-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Date: Tue, 31 January 2012, 16:36
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4407
Applications: Software Properties

Original message


==========================================================================
Ubuntu Security Notice USN-1352-1
January 31, 2012

software-properties vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Software Properties could be tricked into installing arbitrary PPA GPG
keys.

Software Description:
- software-properties: manage the repositories that you install software from

Details:

David Black discovered that Software Properties incorrectly validated
server certificates when performing secure connections to download PPA GPG
key fingerprints. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
python-software-properties 0.81.13.3

Ubuntu 11.04:
python-software-properties 0.80.9.1

Ubuntu 10.10:
python-software-properties 0.76.7.1

Ubuntu 10.04 LTS:
python-software-properties 0.75.10.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1352-1
CVE-2011-4407

Package Information:
https://launchpad.net/ubuntu/+source/software-properties/0.81.13.3
https://launchpad.net/ubuntu/+source/software-properties/0.80.9.1
https://launchpad.net/ubuntu/+source/software-properties/0.76.7.1
https://launchpad.net/ubuntu/+source/software-properties/0.75.10.2
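
A check for the package versions listed under "Update instructions", as an added example that is not part of the notice or of Ubuntu's tooling: it compares the installed python-software-properties version with the fixed version for the host's release. The function names are hypothetical, and the comparison handles only purely numeric dotted versions (an assumption); anything else is reported as unknown.

```python
import re
import subprocess

# Fixed python-software-properties versions, copied from the notice above.
FIXED = {"11.10": "0.81.13.3", "11.04": "0.80.9.1",
         "10.10": "0.76.7.1", "10.04": "0.75.10.2"}

def parse(version):
    """Purely numeric dotted version -> tuple of ints, else None.

    Assumption: not a full Debian version comparison; anything with an
    epoch, '~' or letters is reported as 'unknown' instead of guessed.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    return tuple(int(part) for part in version.split("."))

def release_from(lsb_text):
    """Extract DISTRIB_RELEASE from the contents of /etc/lsb-release."""
    match = re.search(r"^DISTRIB_RELEASE=(\S+)$", lsb_text, re.MULTILINE)
    return match.group(1) if match else ""

def status(release, installed):
    """Classify one host against the notice's fixed versions."""
    fixed = FIXED.get(release)
    if fixed is None:
        return "not-covered"       # release not listed in the notice
    if not installed:
        return "not-installed"
    have = parse(installed)
    if have is None:
        return "unknown"
    return "patched" if have >= parse(fixed) else "vulnerable"

def installed_version(package="python-software-properties"):
    """Installed version per dpkg-query, '' if absent or dpkg is missing."""
    try:
        out = subprocess.run(
            ["dpkg-query", "-W", "-f=${Status}\t${Version}", package],
            capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""
    state, _, version = out.partition("\t")
    return version.strip() if state.endswith(" installed") else ""

if __name__ == "__main__":
    try:
        with open("/etc/lsb-release") as handle:
            release = release_from(handle.read())
    except OSError:
        release = ""
    print(release or "?", status(release, installed_version()))
```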


