Login
Newsletter
Werbung

Sicherheit: Installation von manipulierten Paketen in Aptdaemon
Aktuelle Meldungen Distributionen
Name: Installation von manipulierten Paketen in Aptdaemon
ID: USN-1414-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.04, Ubuntu 11.10
Datum: Di, 3. April 2012, 08:10
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0944
Applikationen: Aptdaemon

Originalnachricht


--===============6517476304965155358==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-5tDjL+HX8QzgB8+9ZFkQ"


--=-5tDjL+HX8QzgB8+9ZFkQ
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1414-1
April 02, 2012

aptdaemon vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

An attacker could trick Aptdaemon into installing altered packages.

Software Description:
- aptdaemon: transaction based package management service

Details:

It was discovered that Aptdaemon incorrectly handled installing packages
without performing a transaction simulation. An attacker could possibly use
this flaw to install altered packages.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
python-aptdaemon 0.43+bzr697-0ubuntu1.2

Ubuntu 11.04:
python-aptdaemon 0.41+bzr661-0ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1414-1
CVE-2012-0944

Package Information:
https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr697-0ubuntu1.2
https://launchpad.net/ubuntu/+source/aptdaemon/0.41+bzr661-0ubuntu0.2



--ÕtDjL+HX8QzgB8+9ZFkQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPeeDdAAoJEGVp2FWnRL6TR8MP/i9YFQHGYyoSLsWe7hvX3hA8
ecDib7a3bZl78H0ZEUlsvqB10yIFO19axDonyXmGNNCpgT1v1llbkVK6oO9yjF2I
DrYzT18od+VGL3etqWCJ3eCTtE3pPaLTSd1oPklN+nDlu3q5qA8QBw8pFzBYtvwQ
vyXAXs9GQxj3x+9kXlu/hq4q/o3nHUtqTuxVq9UMNAV5XeD6G6BLQv7K7a4JRLSk
hwJpsCV6bGy/UzTmuKFTEpD+TwcS4GgKmwpfgGT0wW7qryz9XxSJyVK5iXdst5pE
3vBxNZWrLhdQXCvq5qcsoiQsTouwdgbeVbzDNQE7f8lvHzI0p9/mbal/TK7FjMGW
mGYrCVvMuG2OuO5TuGij0NRQjOKfrmNDrNZpDFO4gUd9JkdCBlMPOCXgsADjpRpj
XiIODPDlfxzDUV4eceVX/0G3/4PoEzME46zEdwEVfDW+/5Ci8GwY75beA5QRUMPl
cO0QjR9v5D6LUJpWDOup2lJsOpZNMov4ayAxd0EYTORKPDgZ5PXluUXvzCALn10T
TBNIZw/3fhrMDOhbMo7x6aNjYVxdhceMEUA3bxLDhG1hnp6BIOB41wAgvyO/p1+N
hwgvk4htuaCzuG3wg5+mOS9K1bTO6WlLQudVlpHjsHT0Hkm7xaqmdoQ1qnu6odoH
fZ0njCWh/MXMq/Ta5799
=6tBY
-----END PGP SIGNATURE-----

--=-5tDjL+HX8QzgB8+9ZFkQ--



--===============6517476304965155358==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6517476304965155358==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung