Login
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Schlüsseln in python-software-properties
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Schlüsseln in python-software-properties
ID: USN-1588-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Datum: Mo, 1. Oktober 2012, 23:46
Referenzen: Keine Angabe
Applikationen: python-software-properties

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============8594370470456497127==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig78774E36FA8AC7F0422996CB"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig78774E36FA8AC7F0422996CB
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1588-1
October 01, 2012

software-properties vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Software Properties could be tricked into installing arbitrary PPA GPG keys.

Software Description:
- software-properties: manage the repositories that you install software
from

Details:

It was discovered that the apt-add-repository tool incorrectly validated
PPA GPG keys when importing from a keyserver. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
install altered package repository GPG keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
python-software-properties 0.82.7.3

Ubuntu 11.10:
python-software-properties 0.81.13.5

Ubuntu 11.04:
python-software-properties 0.80.9.2

Ubuntu 10.04 LTS:
python-software-properties 0.75.10.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1588-1
https://launchpad.net/bugs/1016643

Package Information:
https://launchpad.net/ubuntu/+source/software-properties/0.82.7.3
https://launchpad.net/ubuntu/+source/software-properties/0.81.13.5
https://launchpad.net/ubuntu/+source/software-properties/0.80.9.2
https://launchpad.net/ubuntu/+source/software-properties/0.75.10.3



--------------enig78774E36FA8AC7F0422996CB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQadd/AAoJEGVp2FWnRL6TOM4P/2ENRUFBRwnQ3Hr8LmzP90FS
ic1toMovt6V1KfG5vxn77ROKUD1YAQX48DSxIP57KAnpOOzriuQW0gunzYsEMRXZ
GrYntyquJ84PfU7x0O7a9xSI+g/MIGngEZrH6aGs8rohrPlGmLqzkwQTQ/4Ubosb
hkLtbnLE3ZoSzIUcG7Lw9d+7FsYkdIoHsAwRnjG2QtcxieH3DRzmS5wWBoG2k0b/
oANyA2z2JrZnUe5VI06/U8gLEzBIRo2RkxijmnuKW9T9MEeRXWBXzzg9Ba2utuW1
dU9gVQ6Eg9GWThZT+W3kqAX8U73bp1ZUfuzPa0LarYnkxZRj2UGEZLVEcdVfy7YY
qMAViIf51Krz1vpp57oE0a4HYfh5HBw7t0Zw3lBcuYmrl9Plo8qEXkPHqap0JSSs
I520isQ+h+mKzA4VhwQBPY6Tc6a7BEHPp9uKRijL8x+Kf0IJKslo7so7ViAXW5X5
Csig1Tg5KhKXp7SczVQfEz62ptkAMzqfYnx/9QDfpPzLjV+4pmi86HZJ/PcXU49L
uCqH3c+p8pbcw5t8TXePxkuaD4LoohKWlIXIZX1NZbRCWtBqVwJHRFzaYGFfeRE8
35LJ5B0qpLRyDsrnP6yEUFS5vx+wxwoK4SNqL7onYN52m0jSlzb2OBs/t3oALiqs
dyi43BanrLW55iRT2Dzq
=rqWO
-----END PGP SIGNATURE-----

--------------enig78774E36FA8AC7F0422996CB--


--===============8594370470456497127==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8594370470456497127==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung