drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libproxy
| Name: |
Ausführen beliebiger Kommandos in libproxy |
|
| ID: |
USN-1629-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
| Datum: |
Mo, 12. November 2012, 23:24 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4504 |
|
| Applikationen: |
libproxy |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============5363675305300906537==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigC4641F3A04A81935D3A0F87A"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC4641F3A04A81935D3A0F87A
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1629-1
November 12, 2012
libproxy vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
libproxy could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- libproxy: automatic proxy configuration management library
Details:
Tomas Mraz discovered that libproxy incorrectly handled certain PAC files.
A remote attacker could use this issue to cause libproxy to crash, or to
possibly execute arbitrary code. (CVE-2012-4504, CVE-2012-4505)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libproxy1 0.4.7-0ubuntu4.1
Ubuntu 11.10:
libproxy0 0.3.1-2ubuntu6.1
Ubuntu 10.04 LTS:
libproxy0 0.3.1-1ubuntu1.1
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1629-1
CVE-2012-4504, CVE-2012-4505
Package Information:
https://launchpad.net/ubuntu/+source/libproxy/0.4.7-0ubuntu4.1
https://launchpad.net/ubuntu/+source/libproxy/0.3.1-2ubuntu6.1
https://launchpad.net/ubuntu/+source/libproxy/0.3.1-1ubuntu1.1
--------------enigC4641F3A04A81935D3A0F87A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQoSG9AAoJEGVp2FWnRL6TgLUQAKUF+mkDiq9AgICXfTeroXB3
zy13TYsjHhnoMH7GW2RXOJT5tmL+bXgLDqN52vY5Tn1/BQFRUCIduhuzLPmnZaUw
z1DArSD+C8slbcEF/4ZINpMiLOytiRnZlxtCoFG2tkNYD7P3jrgsbnLP85mkZkwe
baR4M0d3Lo/QjMTknoSx3iZxYgaUH3kWbrGNrYHwFTHWSrI8E6IBLOgAnrfpM7zN
EhyvIQY3IO/rFQHrThHGC5vIePc9ywKLCtLxEiu05zThEE2m21VzZnWwgLnf7aR7
RUnJrJCic0taZY3kSBKI5riJmPr6PITia97IixkMoEaTCDTD+g9G+f+IcSrxTcpP
iNHhDxcqpC+zKcwbIoMOgOh8A/2EMYgYFJVvuK2uv184TQwPe1jSRZgAYFHRp4zQ
Nx51uRNpoUoWyHwV0VpLZE3L35XCFTRLqR/6TkoL+dOK0hUUnnzVIG4tcD5l5BV7
sHVclTGMHp5xTRuGZTma7zNDQKXGtXQ3gDfuI1QRFF7jG4LuUZD838OHwcEP2W7S
DyUnPBLFmPnp18yJ4rwI3HaNumzUmXLnJqPGjG9ij06Fc+gOd3+a7YTBC8jsoRz+
Qp8FDFvevB9ZelJ1VMis74Z0JNMHjtcuSlhEB2UScd2PfmejfPz6lrlRFCr3Gw29
1omYVBM5Okam3LM4+Qr/
=s+a/
-----END PGP SIGNATURE-----
--------------enigC4641F3A04A81935D3A0F87A--
--===============5363675305300906537==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============5363675305300906537==--
|
|
|
|
