drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Schlüsseln in python-software-properties
Name: |
Mangelnde Prüfung von Schlüsseln in python-software-properties |
|
ID: |
USN-1588-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Mo, 1. Oktober 2012, 23:46 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
python-software-properties |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============8594370470456497127== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig78774E36FA8AC7F0422996CB"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig78774E36FA8AC7F0422996CB Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1588-1 October 01, 2012
software-properties vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS
Summary:
Software Properties could be tricked into installing arbitrary PPA GPG keys.
Software Description: - software-properties: manage the repositories that you install software from
Details:
It was discovered that the apt-add-repository tool incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: python-software-properties 0.82.7.3
Ubuntu 11.10: python-software-properties 0.81.13.5
Ubuntu 11.04: python-software-properties 0.80.9.2
Ubuntu 10.04 LTS: python-software-properties 0.75.10.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1588-1 https://launchpad.net/bugs/1016643
Package Information: https://launchpad.net/ubuntu/+source/software-properties/0.82.7.3 https://launchpad.net/ubuntu/+source/software-properties/0.81.13.5 https://launchpad.net/ubuntu/+source/software-properties/0.80.9.2 https://launchpad.net/ubuntu/+source/software-properties/0.75.10.3
--------------enig78774E36FA8AC7F0422996CB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQadd/AAoJEGVp2FWnRL6TOM4P/2ENRUFBRwnQ3Hr8LmzP90FS ic1toMovt6V1KfG5vxn77ROKUD1YAQX48DSxIP57KAnpOOzriuQW0gunzYsEMRXZ GrYntyquJ84PfU7x0O7a9xSI+g/MIGngEZrH6aGs8rohrPlGmLqzkwQTQ/4Ubosb hkLtbnLE3ZoSzIUcG7Lw9d+7FsYkdIoHsAwRnjG2QtcxieH3DRzmS5wWBoG2k0b/ oANyA2z2JrZnUe5VI06/U8gLEzBIRo2RkxijmnuKW9T9MEeRXWBXzzg9Ba2utuW1 dU9gVQ6Eg9GWThZT+W3kqAX8U73bp1ZUfuzPa0LarYnkxZRj2UGEZLVEcdVfy7YY qMAViIf51Krz1vpp57oE0a4HYfh5HBw7t0Zw3lBcuYmrl9Plo8qEXkPHqap0JSSs I520isQ+h+mKzA4VhwQBPY6Tc6a7BEHPp9uKRijL8x+Kf0IJKslo7so7ViAXW5X5 Csig1Tg5KhKXp7SczVQfEz62ptkAMzqfYnx/9QDfpPzLjV+4pmi86HZJ/PcXU49L uCqH3c+p8pbcw5t8TXePxkuaD4LoohKWlIXIZX1NZbRCWtBqVwJHRFzaYGFfeRE8 35LJ5B0qpLRyDsrnP6yEUFS5vx+wxwoK4SNqL7onYN52m0jSlzb2OBs/t3oALiqs dyi43BanrLW55iRT2Dzq =rqWO -----END PGP SIGNATURE-----
--------------enig78774E36FA8AC7F0422996CB--
--===============8594370470456497127== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8594370470456497127==--
|
|
|
|