Security: Execution of arbitrary commands in DBus (update)
Name: Execution of arbitrary commands in DBus (update)
ID: USN-1576-2
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Date: Thu, 4 October 2012, 15:04
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3524
Applications: D-BUS
Update of: Execution of arbitrary commands in DBus
Original message
==========================================================================
Ubuntu Security Notice USN-1576-2
October 04, 2012

dbus regressions
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
DBus could be made to run programs as an administrator.
Software Description:
- dbus: simple interprocess messaging system
Details:
USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS:
  dbus 1.4.18-1ubuntu1.3
  libdbus-1-3 1.4.18-1ubuntu1.3
Ubuntu 11.10:
  dbus 1.4.14-1ubuntu1.3
  libdbus-1-3 1.4.14-1ubuntu1.3
Ubuntu 11.04:
  dbus 1.4.6-1ubuntu6.4
  libdbus-1-3 1.4.6-1ubuntu6.4
Ubuntu 10.04 LTS:
  dbus 1.2.16-2ubuntu4.7
  libdbus-1-3 1.2.16-2ubuntu4.7
Ubuntu 8.04 LTS:
  dbus 1.1.20-1ubuntu3.9
  libdbus-1-3 1.1.20-1ubuntu3.9
In general, a standard system update will make all the necessary changes.
References:
  http://www.ubuntu.com/usn/usn-1576-2
  http://www.ubuntu.com/usn/usn-1576-1
  CVE-2012-3524
Package Information:
  https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/dbus/1.4.14-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/dbus/1.4.6-1ubuntu6.4
  https://launchpad.net/ubuntu/+source/dbus/1.2.16-2ubuntu4.7
  https://launchpad.net/ubuntu/+source/dbus/1.1.20-1ubuntu3.9