drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in GPGME
Name: |
Ausführen beliebiger Kommandos in GPGME |
|
ID: |
USN-2307-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
Datum: |
Do, 7. August 2014, 09:28 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3564 |
|
Applikationen: |
GPGME |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0184964678858396013== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="TSX1quLphAFmOsiea7MpHJCJivPTA1XHV"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --TSX1quLphAFmOsiea7MpHJCJivPTA1XHV Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2307-1 August 06, 2014
gpgme1.0 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
GPGME could be made to crash or run programs as your login if it processed a specially crafted certificate.
Software Description: - gpgme1.0: GPGME - GnuPG Made Easy (library)
Details:
Tomáš Trnka discovered that GPGME incorrectly handled certain certificate line lengths. An attacker could use this issue to cause applications using GPGME to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libgpgme11 1.4.3-0.1ubuntu5.1
Ubuntu 12.04 LTS: libgpgme11 1.2.0-1.4ubuntu2.1
Ubuntu 10.04 LTS: libgpgme11 1.2.0-1.2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2307-1 CVE-2014-3564
Package Information: https://launchpad.net/ubuntu/+source/gpgme1.0/1.4.3-0.1ubuntu5.1 https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.4ubuntu2.1 https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.2ubuntu1.1
--TSX1quLphAFmOsiea7MpHJCJivPTA1XHV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJT4i7tAAoJEGVp2FWnRL6T8zoP+wRiHxeasx3NSC92Z4/9Zemh ddejOAGIN0eAWaiX4+BUAt0JZiB9u/RU0frG0cj2ssbBHIJP6HPBoGtIUXTBd8I9 MQwNzsDQbi+E/tDc82V7xasOHqJSppbUAr8gm8JAr5z5wkMxGPB9pw4HIVASGX0r 7wP/cM2qS6mW/+EqB1zOCC0s+GQU/jKHnO6Wtqt/I/DP9r3rPl7wmS/W1QnWBkM2 oI1rC1unpOVjcM6CWMlNY/tlLyGRncX0DXsFBm7fh2pIY5sEvdz9GUMsyl6urdpQ fhpe5DfgwUKdFrttc8yOBKxCjN3d6X7X4GlAhj7g9SgwmE6okzjbCKjLqf3DpJQb h+XNkz9eqF93HMvnAf6pw1tKKqxsQDn95yVl5EyQoAMD4voQGuy9UF3MxfNQTA1M g5jj6Yb6a+elJjVu8NVPn7bDGpLSBskBZbN4MnnVc2mS8mPrFAKvYbpjOT+NHqfA xsgD3SteEfOf6PC/IxvAbAKOed15EQrQLgOAV6PN7ZwZVFPxeRn5uU9l91gY8u2O nisU7piLW/boMP1PVPawmdlYXwZJOQ4/n4K9BSLkpW7qVAK9lU9PcQFi570jqs5t s1I9nZIiXT1VRvG0AzdU5ilFpu4MxMR7J7XXjN3Mc5VKC1UtnWyTaALitfFuOfBg Co6lCMG7I9vSJSX5vGjL =088u -----END PGP SIGNATURE-----
--TSX1quLphAFmOsiea7MpHJCJivPTA1XHV--
--===============0184964678858396013== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0184964678858396013==--
|
|
|
|