Sicherheit: Ausführen beliebiger Kommandos in Wayland

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8625222580818767514==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="pvD4UsYaQ4VS5qThHi15Xa72hDvnuik0d"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--pvD4UsYaQ4VS5qThHi15Xa72hDvnuik0d
Content-Type: multipart/mixed;
boundary="RdecB6BBIbrGwkDbXsVna0H2w4Ymm40B8";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <d9df75d1-3dde-df54-c335-72c00d194a54@canonical.com>
Subject: [USN-3622-1] Wayland vulnerability

--RdecB6BBIbrGwkDbXsVna0H2w4Ymm40B8
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3622-1
April 09, 2018

wayland vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Wayland could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- wayland: Wayland compositor infrastructure

Details:

It was discovered that the Wayland Xcursor support incorrectly handled
certain files. An attacker could use these issues to cause Wayland to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libwayland-cursor0 1.14.0-1ubuntu0.1

Ubuntu 16.04 LTS:
libwayland-bin 1.12.0-1~ubuntu16.04.3
libwayland-client0 1.12.0-1~ubuntu16.04.3
libwayland-cursor0 1.12.0-1~ubuntu16.04.3
libwayland-dev 1.12.0-1~ubuntu16.04.3
libwayland-doc 1.12.0-1~ubuntu16.04.3
libwayland-server0 1.12.0-1~ubuntu16.04.3

Ubuntu 14.04 LTS:
libwayland-cursor0 1.4.0-1ubuntu1.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3622-1
CVE-2017-16612

Package Information:
https://launchpad.net/ubuntu/+source/wayland/1.14.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/wayland/1.12.0-1~ubuntu16.04.3
https://launchpad.net/ubuntu/+source/wayland/1.4.0-1ubuntu1.1

--RdecB6BBIbrGwkDbXsVna0H2w4Ymm40B8--

--pvD4UsYaQ4VS5qThHi15Xa72hDvnuik0d
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJay6n7AAoJEGVp2FWnRL6TLXgQAK9V83ZPRUri6pgo9QK3Li3L
oUfzQl9hcn9AmzAWzpMdKG1hBtyio1Z1NB0NeW1sri1f/GDDUf215/8fO617BkpO
mh+uvD5hoCx4PPrmtLVUKaAl1eFLhSvwv+IRKYnId/3nhZFOLo6npy+dLQJluVjO
mLt7A8w8S7IkPDszIrIcTU8Hk3VW1u9/LwRsUSpJFWihRIN7kJLbuEu1YMfI01rj
cxOX26n+xivMgK4g1NJIR/lmvjSWb2YAUilhrlSc681Y+5koXr/JCmO0or03iHLO
K0z0c0Z+9I1d1cwSeBVrJR8yxzDbf8QZjHZAC2ocX19K9lb8VbH1ze34YXLqY3I4
MNPwlxeLbsyHBiSd/krixCupvkPnRh+jmNahpgKLENP1CWHr+5jbfNYKJPnNXi2E
fw/pwCIFAnxwiUQBY/I0Hv/OivLN2XIsdF5msEW0wA96XjRnVRL6LXdsKANgqqEQ
lp7uOXU2JmZwd2M5vFN3jxMWhargZMR/QN63hFHVJXD4Lc9GjTsfuwVPUXa1urZ4
UpJKSpc7qslq5RGC11ere93hye8WpMuU7ZcdSOl8AP+ipEneak5kpSDThVJTWFxv
C58Uh0++LhWsKulAruQJeMT1SAjOlpE9FZgTagXF69T0BB8myjabRd0LviOWGvwR
ViVYII6MzUCgaJqlf1/g
=Boaz
-----END PGP SIGNATURE-----

--pvD4UsYaQ4VS5qThHi15Xa72hDvnuik0d--

--===============8625222580818767514==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============8625222580818767514==--