Security: Multiple issues in devscripts
Name: Multiple issues in devscripts
ID: USN-1366-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Date: Wed, 15 February 2012, 21:03
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0212
Applications: devscripts

Original message
==========================================================================
Ubuntu Security Notice USN-1366-1
February 15, 2012

devscripts vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
debdiff, a part of devscripts, could be made to run programs as your login if it opened a specially crafted file.
Software Description:
- devscripts: scripts to make the life of a Debian Package maintainer easier
Details:
Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0210)
Raphael Geissert discovered that debdiff did not properly sanitize its input when processing source packages. If debdiff processed an original source tarball, with crafted filenames in the top-level directory, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0211)
Raphael Geissert discovered that debdiff did not properly sanitize its input when processing filename parameters. If debdiff processed a crafted filename parameter, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0212)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: devscripts 2.11.1ubuntu3.1
Ubuntu 11.04: devscripts 2.10.69ubuntu2.1
Ubuntu 10.10: devscripts 2.10.67ubuntu1.1
Ubuntu 10.04 LTS: devscripts 2.10.61ubuntu5.1
Ubuntu 8.04 LTS: devscripts 2.10.11ubuntu5.8.04.5
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1366-1
CVE-2012-0210, CVE-2012-0211, CVE-2012-0212

Package Information:
https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.67ubuntu1.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.11ubuntu5.8.04.5