drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in Software Properties
Name: |
Mangelnde Prüfung von Zertifikaten in Software Properties |
|
ID: |
USN-1352-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10 |
|
Datum: |
Di, 31. Januar 2012, 16:36 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4407 |
|
Applikationen: |
Software Properties |
|
Originalnachricht |
--===============2997358964151763000== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-oqDfLWFA9FF383Hz+MNU"
--=-oqDfLWFA9FF383Hz+MNU Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1352-1 January 31, 2012
software-properties vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
Software Properties could be tricked into installing arbitrary PPA GPG keys.
Software Description: - software-properties: manage the repositories that you install software from
Details:
David Black discovered that Software Properties incorrectly validated server certificates when performing secure connections to download PPA GPG key fingerprints. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: python-software-properties 0.81.13.3
Ubuntu 11.04: python-software-properties 0.80.9.1
Ubuntu 10.10: python-software-properties 0.76.7.1
Ubuntu 10.04 LTS: python-software-properties 0.75.10.2
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1352-1 CVE-2011-4407
Package Information: https://launchpad.net/ubuntu/+source/software-properties/0.81.13.3 https://launchpad.net/ubuntu/+source/software-properties/0.80.9.1 https://launchpad.net/ubuntu/+source/software-properties/0.76.7.1 https://launchpad.net/ubuntu/+source/software-properties/0.75.10.2
--ØqDfLWFA9FF383Hz+MNU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPJ/H1AAoJEGVp2FWnRL6TwCwP/1RtukcwYrn++r0OYEDQ+3La uzyukB7CPX5XIm9bLnUw+801jjGED0+rizY6zjaed5zR4nq2XAk8vVwyRECUZwxa o5tH2cl2MylYC23ggWza1qh7248ZXUr+n1XrIj8mV+hclo2/oLZmZ5axuX2CPHNX VH6fJ0KUzj4PnN72bYIw6mo0cf0VtGCe6doudlxp61CGmzBSOY2TqtyOEP2h1iRl WbMirRlJYElVafBexGV/87fzeXAgdY//Kqdyq3vlw/TSJ0WlYJr88fKg/QQRxWbC yrBMsnMTFGW1ztDo1Xz5kJqrG1IUqd9gs5dPynhCCCbPo9MvP+J7sdnfQUMbOAeu Lb3MaH0q7LvhE5AWDMUmdjjT/IyozEkJpsehxVM/RS13WJi9tmYJZYtHjsWe8Dhv sg415Jw1kULCKSwKaYAdWkRQHgx18b1zNzAt2lprQBfv3BVgXdzRWjbGfhhlu7ay LA404x+qhVtgMcytCM9NlzJLddoEFa39yz46/n6DQUV9J2vi5XyaYkmz6mSf12JR fhJV2s4uOK7vxkhsCxrsOZ6pIZaGMdeWPtI2JW3j/tJUUgby4JUWJqC8/jxqasDU 9fa9T6GxaZKfHl7XUOyZGGptYGyPRoNmrirhI2yI4SCYkq4ecKXgRegGFluYHl7n wTk2K3IQkVB6r0tndKlQ =9par -----END PGP SIGNATURE-----
--=-oqDfLWFA9FF383Hz+MNU--
--===============2997358964151763000== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2997358964151763000==--
|
|
|
|