
Security: Execution of arbitrary commands in Rhythmbox
Name: Execution of arbitrary commands in Rhythmbox
ID: USN-1503-1
Distribution: Ubuntu
Platforms: Ubuntu 11.10, Ubuntu 12.04 LTS
Date: Wed, 11 July 2012, 23:13
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3355
Applications: Rhythmbox

Original message


==========================================================================
Ubuntu Security Notice USN-1503-1
July 11, 2012

rhythmbox vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

Rhythmbox could be made to run programs as your login when using the Context
plugin.

Software Description:
- rhythmbox: music player and organizer for GNOME

Details:

Hans Spaans discovered that the Context plugin in Rhythmbox created a
temporary directory in an insecure manner. A local attacker could exploit
this to execute arbitrary code as the user invoking the program. The
Context plugin is disabled by default in Ubuntu.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
rhythmbox-plugins 2.96-0ubuntu4.1

Ubuntu 11.10:
rhythmbox-plugins 2.90.1~20110908-0ubuntu1.4

After a standard system update you need to restart Rhythmbox to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1503-1
CVE-2012-3355

Package Information:
https://launchpad.net/ubuntu/+source/rhythmbox/2.96-0ubuntu4.1
https://launchpad.net/ubuntu/+source/rhythmbox/2.90.1~20110908-0ubuntu1.4



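The advisory does not say how the Context plugin created its temporary directory. As an added illustration of the bug class (this is not Rhythmbox code and not part of the notice), the sketch below contrasts a predictable directory in a shared temp location with a hardened form and an ownership/permission check. All function names and the directory name `player-plugin-cache` are hypothetical, and a sandbox directory stands in for a shared /tmp.

```python
import os
import shutil
import stat
import tempfile

def insecure_cache_dir(shared_tmp, name="player-plugin-cache"):
    """Vulnerable pattern: fixed name in a shared directory, reused if present."""
    path = os.path.join(shared_tmp, name)
    if not os.path.exists(path):      # race: another local user can create it first
        os.makedirs(path)             # resulting mode depends on the umask
    return path                       # may be a directory someone else controls

def is_private_dir(path):
    """True only for a real directory owned by us with no group/other access."""
    try:
        st = os.lstat(path)           # lstat: do not follow a planted symlink
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and (st.st_mode & 0o077) == 0)

def secure_cache_dir(prefix="player-plugin-"):
    """Hardened pattern: mkdtemp creates a fresh, randomly named 0700 directory."""
    path = tempfile.mkdtemp(prefix=prefix)
    if not is_private_dir(path):
        raise RuntimeError("temporary directory is not private: " + path)
    return path

def demo():
    """Constructed scenario: a sandbox directory stands in for a shared /tmp."""
    shared = tempfile.mkdtemp(prefix="shared-tmp-")
    planted = os.path.join(shared, "player-plugin-cache")
    os.mkdir(planted)
    os.chmod(planted, 0o777)          # pre-created and writable by everyone
    link = os.path.join(shared, "link")
    os.symlink(planted, link)         # symlink standing in for a redirected path
    fresh = secure_cache_dir()
    result = {
        "insecure_reused_planted": insecure_cache_dir(shared) == planted,
        "planted_is_private": is_private_dir(planted),
        "symlink_is_private": is_private_dir(link),
        "fresh_is_private": is_private_dir(fresh),
    }
    for d in (shared, fresh):
        shutil.rmtree(d)
    return result

if __name__ == "__main__":
    print(demo())
```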