Insufficient certificate validation in Software Properties
ID: | USN-1352-1 |
Distribution: | Ubuntu |
Platforms: | Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10 |
Date: | Tue, January 31, 2012, 16:36 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4407 |
Applications: | Software Properties |
Original message:
==========================================================================
Ubuntu Security Notice USN-1352-1
January 31, 2012

software-properties vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Software Properties could be tricked into installing arbitrary PPA GPG keys.

Software Description:
- software-properties: manage the repositories that you install software from

Details:

David Black discovered that Software Properties incorrectly validated server
certificates when performing secure connections to download PPA GPG key
fingerprints. If a remote attacker were able to perform a man-in-the-middle
attack, this flaw could be exploited to install altered package repository
GPG keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  python-software-properties 0.81.13.3

Ubuntu 11.04:
  python-software-properties 0.80.9.1

Ubuntu 10.10:
  python-software-properties 0.76.7.1

Ubuntu 10.04 LTS:
  python-software-properties 0.75.10.2

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1352-1
  CVE-2011-4407

Package Information:
  https://launchpad.net/ubuntu/+source/software-properties/0.81.13.3
  https://launchpad.net/ubuntu/+source/software-properties/0.80.9.1
  https://launchpad.net/ubuntu/+source/software-properties/0.76.7.1
  https://launchpad.net/ubuntu/+source/software-properties/0.75.10.2
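A check against the fixed versions listed in the notice, as an added example that is not part of the notice or of Ubuntu's tooling: it compares an installed python-software-properties version with the per-release fix using Debian version ordering. The inventory rows and all function names are constructed for illustration; on a live system `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed python-software-properties versions, taken from USN-1352-1.
FIXED = {
    "11.10": "0.81.13.3",
    "11.04": "0.80.9.1",
    "10.10": "0.76.7.1",
    "10.04": "0.75.10.2",
}

def _order(ch):
    # dpkg ordering inside a non-digit run: '~' sorts before everything
    # (even end of string), letters sort before other characters.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Split into alternating (non-digit, digit) runs; 0 marks the end of a run.
    runs = [r for r in re.findall(r"(\D*)(\d*)", part) if r[0] or r[1]]
    runs.append(("", ""))  # terminator so "1.0~rc1" < "1.0" < "1.0.1"
    return [([_order(c) for c in text] + [0], int(num or 0)) for text, num in runs]

def version_key(version):
    # Debian version layout: [epoch:]upstream[-revision]
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_patched(release, installed):
    """True/False for releases named in the notice, None for any other release."""
    fixed = FIXED.get(release)
    if fixed is None:
        return None
    return version_key(installed) >= version_key(fixed)

# Constructed inventory rows: (host, Ubuntu release, installed version).
INVENTORY = [
    ("web01", "11.10", "0.81.13.1"),
    ("web02", "11.10", "0.81.13.3"),
    ("build01", "10.04", "0.75.10.2ubuntu1"),
    ("lab01", "12.04", "0.82.7"),
]

def unpatched_hosts(inventory):
    return [host for host, rel, ver in inventory if is_patched(rel, ver) is False]

if __name__ == "__main__":
    print(unpatched_hosts(INVENTORY))
```

Releases the notice does not name return `None` rather than being reported as patched, so they can be reviewed separately.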