drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Schlüsseln in python-software-properties
| Name: |
Mangelnde Prüfung von Schlüsseln in python-software-properties |
|
| ID: |
USN-1588-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
| Datum: |
Mo, 1. Oktober 2012, 23:46 |
|
| Referenzen: |
Keine Angabe |
|
| Applikationen: |
python-software-properties |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============8594370470456497127==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig78774E36FA8AC7F0422996CB"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig78774E36FA8AC7F0422996CB
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1588-1
October 01, 2012
software-properties vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Software Properties could be tricked into installing arbitrary PPA GPG keys.
Software Description:
- software-properties: manage the repositories that you install software
from
Details:
It was discovered that the apt-add-repository tool incorrectly validated
PPA GPG keys when importing from a keyserver. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
install altered package repository GPG keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
python-software-properties 0.82.7.3
Ubuntu 11.10:
python-software-properties 0.81.13.5
Ubuntu 11.04:
python-software-properties 0.80.9.2
Ubuntu 10.04 LTS:
python-software-properties 0.75.10.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1588-1
https://launchpad.net/bugs/1016643
Package Information:
https://launchpad.net/ubuntu/+source/software-properties/0.82.7.3
https://launchpad.net/ubuntu/+source/software-properties/0.81.13.5
https://launchpad.net/ubuntu/+source/software-properties/0.80.9.2
https://launchpad.net/ubuntu/+source/software-properties/0.75.10.3
--------------enig78774E36FA8AC7F0422996CB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQadd/AAoJEGVp2FWnRL6TOM4P/2ENRUFBRwnQ3Hr8LmzP90FS
ic1toMovt6V1KfG5vxn77ROKUD1YAQX48DSxIP57KAnpOOzriuQW0gunzYsEMRXZ
GrYntyquJ84PfU7x0O7a9xSI+g/MIGngEZrH6aGs8rohrPlGmLqzkwQTQ/4Ubosb
hkLtbnLE3ZoSzIUcG7Lw9d+7FsYkdIoHsAwRnjG2QtcxieH3DRzmS5wWBoG2k0b/
oANyA2z2JrZnUe5VI06/U8gLEzBIRo2RkxijmnuKW9T9MEeRXWBXzzg9Ba2utuW1
dU9gVQ6Eg9GWThZT+W3kqAX8U73bp1ZUfuzPa0LarYnkxZRj2UGEZLVEcdVfy7YY
qMAViIf51Krz1vpp57oE0a4HYfh5HBw7t0Zw3lBcuYmrl9Plo8qEXkPHqap0JSSs
I520isQ+h+mKzA4VhwQBPY6Tc6a7BEHPp9uKRijL8x+Kf0IJKslo7so7ViAXW5X5
Csig1Tg5KhKXp7SczVQfEz62ptkAMzqfYnx/9QDfpPzLjV+4pmi86HZJ/PcXU49L
uCqH3c+p8pbcw5t8TXePxkuaD4LoohKWlIXIZX1NZbRCWtBqVwJHRFzaYGFfeRE8
35LJ5B0qpLRyDsrnP6yEUFS5vx+wxwoK4SNqL7onYN52m0jSlzb2OBs/t3oALiqs
dyi43BanrLW55iRT2Dzq
=rqWO
-----END PGP SIGNATURE-----
--------------enig78774E36FA8AC7F0422996CB--
--===============8594370470456497127==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8594370470456497127==--
|
|
|
|
