Security: Two problems in Update Manager (update)
Name: Two problems in Update Manager (update)
ID: USN-1284-2
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Date: Thu, 16 February 2012, 22:32
References: None given
Applications: Update Manager
Update of: Two problems in Update Manager

Original message
==========================================================================
Ubuntu Security Notice USN-1284-2
February 16, 2012

update-manager regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
USN-1284-1 introduced a regression in Update Manager.
Software Description:
- update-manager: GNOME application that manages apt updates
Details:
USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. (CVE-2011-3152)

David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. (CVE-2011-3154)

This update also adds a hotfix to Update Notifier to handle cases where the upgrade is being performed from CD media.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: update-manager-core 1:0.152.25.8
Ubuntu 11.04: update-manager-core 1:0.150.5.2
Ubuntu 10.10: update-manager-core 1:0.142.23.2
Ubuntu 10.04 LTS: update-manager-core 1:0.134.11.2
Ubuntu 8.04 LTS: update-manager-core 1:0.87.33
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1284-2
http://www.ubuntu.com/usn/usn-1284-1
https://launchpad.net/bugs/933225

Package Information:
https://launchpad.net/ubuntu/+source/update-manager/1:0.152.25.8
https://launchpad.net/ubuntu/+source/update-manager/1:0.150.5.2
https://launchpad.net/ubuntu/+source/update-manager/1:0.142.23.2
https://launchpad.net/ubuntu/+source/update-manager/1:0.134.11.2
https://launchpad.net/ubuntu/+source/update-manager/1:0.87.33
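
The two flaws in the original advisory details (extraction before signature verification, and an insecurely created temporary directory) come down to ordering and to how the working directory is made. The following Python sketch is an added example, not part of the advisory and not Update Manager's own code; the function names, the `upgrade-` prefix and the keyring path argument are assumptions, and the signature check shells out to `gpgv`.

```python
import os
import shutil
import subprocess
import tarfile
import tempfile


def gpgv_verify(tarball, signature, keyring):
    """Return True only if gpgv accepts the detached signature over tarball."""
    # keyring: path to a keyring holding only the trusted signing key (assumed).
    result = subprocess.run(
        ["gpgv", "--keyring", keyring, signature, tarball],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def verify_then_extract(tarball, signature, keyring, verify=gpgv_verify):
    """Verify the signature, then unpack into a fresh private directory."""
    # 1. Verify first: nothing from the archive touches the disk until the
    #    signature check passes (the ordering issue behind CVE-2011-3152).
    if not verify(tarball, signature, keyring):
        raise ValueError("signature verification failed; nothing extracted")

    # 2. mkdtemp atomically creates a mode-0700 directory with an
    #    unpredictable name, so another local user can neither pre-create
    #    it nor read it (the temp-directory issue behind CVE-2011-3154).
    workdir = tempfile.mkdtemp(prefix="upgrade-")
    try:
        root = os.path.realpath(workdir)
        with tarfile.open(tarball) as archive:
            for member in archive.getmembers():
                # Defence in depth: plain files/dirs that stay inside root.
                target = os.path.realpath(os.path.join(root, member.name))
                inside = os.path.commonpath([root, target]) == root
                if not inside or not (member.isfile() or member.isdir()):
                    raise ValueError("unsafe archive member: %r" % member.name)
            # Use the stdlib "data" extraction filter where available.
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            archive.extractall(root, **extra)
    except Exception:
        shutil.rmtree(workdir, ignore_errors=True)  # leave no partial tree
        raise
    return workdir
```

The `verify` parameter exists so the ordering can be exercised without a real key; in production use the default `gpgv_verify` is the check that runs.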