Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in RealtimeKit
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in RealtimeKit
ID: USN-1959-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04
Datum: Mi, 18. September 2013, 18:37
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4326
Applikationen: RealtimeKit

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1584615060108269061==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig185A57A388CC4313F370DDDA"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig185A57A388CC4313F370DDDA
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1959-1
September 18, 2013

rtkit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

RealtimeKit could be tricked into bypassing polkit authorizations.

Software Description:
- rtkit: Realtime Policy and Watchdog Daemon

Details:

It was discovered that RealtimeKit was using polkit in an unsafe manner. A
local attacker could possibly use this issue to bypass intended polkit
authorizations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
rtkit 0.10-2ubuntu0.13.04.1

Ubuntu 12.10:
rtkit 0.10-2ubuntu0.12.10.1

Ubuntu 12.04 LTS:
rtkit 0.10-2ubuntu0.12.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1959-1
CVE-2013-4326

Package Information:
https://launchpad.net/ubuntu/+source/rtkit/0.10-2ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/rtkit/0.10-2ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/rtkit/0.10-2ubuntu0.12.04.1



--------------enig185A57A388CC4313F370DDDA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJSOcG+AAoJEGVp2FWnRL6T2CAP/3H/CynXvUA9ACt8H2EGABBH
1tBwWhmYJzIGgqHCced1nA23N/cudM3Zg1E06qpRretfw5Cr8R+mmLnlEc/ijfqq
SwLwld9bXZmyuj/v/XMZtXI+s0ChjDOdMqlXI/1eC1QkjTMu/oDC+vlKevdaXk4y
bX9cHPACJL+IBF4BVaE/qgpNCjv3qtLKxZ+etMkg5KBTGN0o6o4NMtwISFjYUHLA
ekol0obkifkcDh1u0dkGdIfnywmgFVG9hYvaYHLHqQS0D4lWnTPU1W20gFg7SLfE
m/fM0OBsRCZn6tPzRUqmLAh7vCjePh9UPmO8SrUuTS07fH9X1v7SuYkQARbkir5D
QoHa2VioiRT/cxdKzXktUphBP1aM5i0g6JQ/Zom4TZBv0LSG6qCQmt9cSmyGumDd
AzubPNVZ12WdXZealFFeD1iBQ09rG8j8aJ4Lq9M9oa2IamRIHJHNlRAZJYjdc4Hk
LiEFcy6UmV1KTVdRdvt6pqfmH8BUlMEYZU0pKN7pSVnI2GxN/M48PUBlSB9bEUGU
2TB+RznmnI3348I9kiy6ZwxBsdJK7pmheSxaU/1ZjpsY5nDYnqED6CwkbD6lf84f
F0OWbpRqolfrh+wunBbLtr0EdRnH5fMNPQT5U2zYafcCzq33fOcV5IZAoCGgXUT/
xDNTLSFZo/AP0jKPL4u8
=F4zx
-----END PGP SIGNATURE-----

--------------enig185A57A388CC4313F370DDDA--


--===============1584615060108269061==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1584615060108269061==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung