drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Rhythmbox
Name: |
Ausführen beliebiger Kommandos in Rhythmbox |
|
ID: |
USN-1503-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Mi, 11. Juli 2012, 23:13 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3355 |
|
Applikationen: |
Rhythmbox |
|
Originalnachricht |
--===============8445782604386527881== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-q4pxUyvt6sUPPhhZB/Rq"
--=-q4pxUyvt6sUPPhhZB/Rq Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1503-1 July 11, 2012
rhythmbox vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10
Summary:
Rhythmbox could be made to run programs as your login when using the Context plugin.
Software Description: - rhythmbox: music player and organizer for GNOME
Details:
Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: rhythmbox-plugins 2.96-0ubuntu4.1
Ubuntu 11.10: rhythmbox-plugins 2.90.1~20110908-0ubuntu1.4
After a standard system update you need to restart Rhythmbox to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1503-1 CVE-2012-3355
Package Information: https://launchpad.net/ubuntu/+source/rhythmbox/2.96-0ubuntu4.1 https://launchpad.net/ubuntu/+source/rhythmbox/2.90.1~20110908-0ubuntu1.4
--Ú4pxUyvt6sUPPhhZB/Rq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJP/b7uAAoJEFHb3FjMVZVzdbQQAIzzqHa8Xx6QerCGPwO6CN1D HRPC9uJQVs681Jfe73XKJXWjtiXlmknYbSj8AgJebjM+fgpoFgtUaj0UrGjmlHrU 0r3sB7IKrRTaRPGBd1h0YOoXgwPa+ASWkB7Om3eCnmPr/RyCQWot7RKQgUge6KpU u0Y+sND0FBIzBdTMZQbg06etQSc2rE5ygJLBC63egoE3F7PkDDgsSYMxlv8a/bM9 IazJLxVVcOsKaess52gncWkDZnRIX7hQgE7XrDmz0+v8mgUZX7ovzqLPRKanUXdd Lh3XIzzH15f4HMZhBb5Z4cU7/TzS5+yQEx74ntGCd+HL6Ez2fOjthwgQpkGy575D +v8xZWuwdYy9kaSEs5Vypoh8N/KR9yDrxFjpQBL75Ih5c77e3FcxpH5+s7Si74pI 0gBfvZxv7BStpVdHAgwfBvZpF+Ui+Edc/sfL4A3u4RKrpYPhHi4/dy8iFqpfV3/J SgVquUaOC+zPXkPbSVnajhQBJAN7o2v9F+WsmKBqQMc2q7TzEq85H9breMYRzuhJ Jx1Bd5h9RFbMAZfWyZD7i0EdRyZ/KF10Z5+CaHghqrviAjdA7lib7zj2J9U/14b1 iErSxORsXtIswijmgfquad+WwH6M0JuYoBlG+pQpJX4SJhct6I3VSRQwQrUB+Njg VWYqCzy0r3Rc1VNgyFYq =gijc -----END PGP SIGNATURE-----
--=-q4pxUyvt6sUPPhhZB/Rq--
--===============8445782604386527881== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8445782604386527881==--
|
|
|
|