Login
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Zertifikaten in Software Properties
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in Software Properties
ID: USN-1352-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Datum: Di, 31. Januar 2012, 16:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4407
Applikationen: Software Properties

Originalnachricht


--===============2997358964151763000==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-oqDfLWFA9FF383Hz+MNU"


--=-oqDfLWFA9FF383Hz+MNU
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1352-1
January 31, 2012

software-properties vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Software Properties could be tricked into installing arbitrary PPA GPG
keys.

Software Description:
- software-properties: manage the repositories that you install software from

Details:

David Black discovered that Software Properties incorrectly validated
server certificates when performing secure connections to download PPA GPG
key fingerprints. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
python-software-properties 0.81.13.3

Ubuntu 11.04:
python-software-properties 0.80.9.1

Ubuntu 10.10:
python-software-properties 0.76.7.1

Ubuntu 10.04 LTS:
python-software-properties 0.75.10.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1352-1
CVE-2011-4407

Package Information:
https://launchpad.net/ubuntu/+source/software-properties/0.81.13.3
https://launchpad.net/ubuntu/+source/software-properties/0.80.9.1
https://launchpad.net/ubuntu/+source/software-properties/0.76.7.1
https://launchpad.net/ubuntu/+source/software-properties/0.75.10.2



--ØqDfLWFA9FF383Hz+MNU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPJ/H1AAoJEGVp2FWnRL6TwCwP/1RtukcwYrn++r0OYEDQ+3La
uzyukB7CPX5XIm9bLnUw+801jjGED0+rizY6zjaed5zR4nq2XAk8vVwyRECUZwxa
o5tH2cl2MylYC23ggWza1qh7248ZXUr+n1XrIj8mV+hclo2/oLZmZ5axuX2CPHNX
VH6fJ0KUzj4PnN72bYIw6mo0cf0VtGCe6doudlxp61CGmzBSOY2TqtyOEP2h1iRl
WbMirRlJYElVafBexGV/87fzeXAgdY//Kqdyq3vlw/TSJ0WlYJr88fKg/QQRxWbC
yrBMsnMTFGW1ztDo1Xz5kJqrG1IUqd9gs5dPynhCCCbPo9MvP+J7sdnfQUMbOAeu
Lb3MaH0q7LvhE5AWDMUmdjjT/IyozEkJpsehxVM/RS13WJi9tmYJZYtHjsWe8Dhv
sg415Jw1kULCKSwKaYAdWkRQHgx18b1zNzAt2lprQBfv3BVgXdzRWjbGfhhlu7ay
LA404x+qhVtgMcytCM9NlzJLddoEFa39yz46/n6DQUV9J2vi5XyaYkmz6mSf12JR
fhJV2s4uOK7vxkhsCxrsOZ6pIZaGMdeWPtI2JW3j/tJUUgby4JUWJqC8/jxqasDU
9fa9T6GxaZKfHl7XUOyZGGptYGyPRoNmrirhI2yI4SCYkq4ecKXgRegGFluYHl7n
wTk2K3IQkVB6r0tndKlQ
=9par
-----END PGP SIGNATURE-----

--=-oqDfLWFA9FF383Hz+MNU--



--===============2997358964151763000==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2997358964151763000==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung