Fehlerhafte Zugriffsrechte in GLib
ID: | USN-4049-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10 |
Datum: | Mo, 8. Juli 2019, 19:45 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012 |
Applikationen: | GLib |
Originalnachricht |
|
--===============2793948457223157860== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+HP7ph2BbKc20aGI" Content-Disposition: inline --+HP7ph2BbKc20aGI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4049-1 July 08, 2019 glib2.0 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: GLib did not properly restrict directory and file permissions. Software Description: - glib2.0: GLib Input, Output and Streaming Library (fam module) Details: It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libglib2.0-0 2.58.1-2ubuntu0.2 libglib2.0-bin 2.58.1-2ubuntu0.2 Ubuntu 18.04 LTS: libglib2.0-0 2.56.4-0ubuntu0.18.04.4 libglib2.0-bin 2.56.4-0ubuntu0.18.04.4 Ubuntu 16.04 LTS: libglib2.0-0 2.48.2-0ubuntu4.3 libglib2.0-bin 2.48.2-0ubuntu4.3 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4049-1 CVE-2019-13012 Package Information: https://launchpad.net/ubuntu/+source/glib2.0/2.58.1-2ubuntu0.2 https://launchpad.net/ubuntu/+source/glib2.0/2.56.4-0ubuntu0.18.04.4 https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.3 --+HP7ph2BbKc20aGI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJdI3gmAAoJEEW851uECx9pGRoP/iAOpCGT8SjOAdYPcQWsn6Bt TBTS86ywa78S2UF4Ot+E1gg60pr4xIKct96RjmMWJSV2tGXlwdDw4V2M0WYWApne KQAaJuX95o7BHSHWVb4CXVSawi+Bv8EWY1nvHFYK8Smy9OauCw5A6mbzr+BlzJSg 7fqY2qXKRAmVXG6ZOlKP+EipKTe7AQTmQj9XmJzB8eycUiRxRNgk4k+zUXVFNek4 nipw9QekpVUSVLXZaDnYmmD4RK2YPgk7VUS2sgkVWaJ3itSuDLlfhwfHjLCh7IMk y1306+u0HJfIH1UQcXkeRntBHyz/h5p/+SDX7Xt6WuxUF/w+rRbsnmmeszxdWAiM 2vMIn8upO+23/IhHY6ogD3TdThlha7gUOqsEcbbMADBY42FXEGLkUp7m1ZiYcgHw nv38KF8il3PYp7vM2y+Dh06rhSNgLe7pqxA2wrSEFiQzW8jNVfIglWI6uuop3MQj AqzqYrAsdWlvriQQyFny1yel6UWiH5c1SVR2pus+TFbTf+jG1XyXyZSakPRgFkae YjrPQcBpSK2X6DZqYtCjeE7phhf8ROOZZ1VDEZes7HuOsvo6hCCYCofDvuPYhHQG xY4FEkInJIT/FVgpRklN/CcnmXA2Pv7ghLFEVXmY8Vg2H+EWa9qf1n7AaqOjkvk0 2qFP4m4AtqZR6+Y9bouN =lmQG -----END PGP SIGNATURE----- --+HP7ph2BbKc20aGI-- --===============2793948457223157860== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |