Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in apt-xapian-index
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in apt-xapian-index
ID: USN-1955-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04
Datum: Mi, 18. September 2013, 18:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1064
Applikationen: apt-xapian-index

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============0679713321488397934==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig7E91DC6AB8B2F3CB002EA411"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7E91DC6AB8B2F3CB002EA411
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1955-1
September 18, 2013

apt-xapian-index vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

apt-xapian-index could be tricked into bypassing polkit authorizations.

Software Description:
- apt-xapian-index: maintenance and search tools for a Xapian index of Debian
package

Details:

It was discovered that apt-xapian-index was using polkit in an unsafe
manner. A local attacker could possibly use this issue to bypass intended
polkit authorizations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
apt-xapian-index 0.45ubuntu2.1

Ubuntu 12.10:
apt-xapian-index 0.44ubuntu7.1

Ubuntu 12.04 LTS:
apt-xapian-index 0.44ubuntu5.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1955-1
CVE-2013-1064

Package Information:
https://launchpad.net/ubuntu/+source/apt-xapian-index/0.45ubuntu2.1
https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu7.1
https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu5.1



--------------enig7E91DC6AB8B2F3CB002EA411
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJSOcFzAAoJEGVp2FWnRL6T/AwP/3XtiUANVnNnDr8BqCMtE4ZF
0ArfDSnTkE362490EIokGMKtyavcdi1asJosGUlO0fea/Z/3FqqhwvotJMtWWFjA
7+cmDeQP9wo2kch65IkmRR/m3UqD6ldb5v3/bowyGyCo2FYZWUsVxyQfmwlQGWDn
EsmtGuJrIMNu6bNH/Tgsp7D9taKKhA9rCnYTty6FHDStP2abrTvL+Hqbg6cWIlWw
tj4d5SjrnxGCcZShPpKJ3cMGp7Lzm3QZ3DOu363h5KRSU5sCnRLH5/MJW7mS26gV
2KJtUcdD2k+GPrdGpjyBuyPuUEbtf739ivA8dyz+u1kVy2ucjajdJvgOcxmF6JdR
LOFrxrzw5P8J0LNIwd8xKiry8Pu1s07PnVo1FBVQ9c4+I2MYbQTNbhnGMhKOtpIP
mFCZyIUmgm9kL5aJJ8/YAuvQZ6yndM5HDfO/+XzMX8+wrTHwSae6NnmGL/qe7oYc
Rl4sww8frMeYQumHNL3u4BIxsdzVEHGBa/GePey5S+1Syq/Iz3gvwtaNrEyZTHaY
2r4UxjPT15ivIOQitfAMRi2jy5Aw1jdblL6tv2zoIhXoZaymhuRu6sasD0bbbHQy
hiSe2R7P22H2cvQPUcbIPK2RGBNLg5A6BxeQ9tiQrsKNsDVPE4Qi+yKx4SLQVDXo
/XHYHPZNrfC3P2e0Cz6/
=RYme
-----END PGP SIGNATURE-----

--------------enig7E91DC6AB8B2F3CB002EA411--


--===============0679713321488397934==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0679713321488397934==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung