drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von Code mit höheren Privilegien in provd
Name: |
Ausführen von Code mit höheren Privilegien in provd |
|
ID: |
USN-6912-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 24.04 LTS |
|
Datum: |
Mi, 24. Juli 2024, 23:16 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6714 |
|
Applikationen: |
provd |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6233042649095288390== Content-Language: en-GB Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------KIbprz6Jlhpe09l2xo2JBKsn"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------KIbprz6Jlhpe09l2xo2JBKsn Content-Type: multipart/mixed; boundary="------------fGqO8zRRYwOO4n5h7unizeQ0"; protected-headers="v1" From: Luci Stanescu <luci.stanescu@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <103e4892-29e7-41c6-a1b2-2c57e0d070f9@canonical.com> Subject: [USN-6912-1] provd vulnerability
--------------fGqO8zRRYwOO4n5h7unizeQ0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit
========================================================================== Ubuntu Security Notice USN-6912-1 July 24, 2024
provd vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
provd could be made to run programs as an administrator.
Software Description: - provd: Ubuntu Desktop Provision init backend
Details:
James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04 LTS provd 0.1.2+24.04
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6912-1 CVE-2024-6714,https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574
Package Information: https://launchpad.net/ubuntu/+source/provd/0.1.2+24.04
--------------fGqO8zRRYwOO4n5h7unizeQ0--
--------------KIbprz6Jlhpe09l2xo2JBKsn Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQS9fIzo5cOslDRPrg+TiY1To8lzAQUCZqDOZAAKCRCTiY1To8lz AZReAQCZR/i6r2VQuOA6cXnt/D/9A2DLi670bprRFr+NJavrUwD/UBYT3SCLTHQQ RWRxIJPHtNkRQDYi+yZTfholBedcjgk= =+QuI -----END PGP SIGNATURE-----
--------------KIbprz6Jlhpe09l2xo2JBKsn--
--===============6233042649095288390== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
--===============6233042649095288390==--
|
|
|
|