[USN-1115-1] language-selector vulnerability

看板Bugtraq作者kees.時間15年前 (2011/04/21 02:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

--OpLPJvDmhXTZE4Lg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 Summary: Local users could gain root access via the language-selector. Software Description: - language-selector: Language selector for Ubuntu Linux Details: Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: language-selector-common 0.6.7 In general, a standard system update will make all the necessary changes. References: CVE-2011-0729 Package Information: https://launchpad.net/ubuntu/+source/language-selector/0.6.7 --OpLPJvDmhXTZE4Lg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Kees Cook <kees@outflux.net> iQIcBAEBCgAGBQJNrdcVAAoJEIly9N/cbcAm7uoP/3V4icOYuOEI/jJr+rlawa7a vA5qNxLHlhh/WVxBHD7b6lCK72VqLQ6oc+wGz4NfTgvcNzRdrhQFBtHPgDRi7Ftd RW+fytQS7Pd/1+pm14mm8yxuwmYtk0G3Js8Ku0K1wM7hW6omv5uNrjgVn7Eclxn0 AVWkZqO/QrClEWCxrwYoCUE3vcKLYsm5zKt20r97Y/+pRS1wRr0mFI2I3I4t4tgK ihcTDN5wQawmNAiFSTnbPpT6DTRMGyROMRkVvPFnQd+HB7qyCSgkNVXFaf5aj116 ps57ehG5Dnpy/KS0VUu8f7ofwJ63pUZY+0MKGt4fJ1PvlLlwcVSQI02a0hL521Xm ltCBgxO/VGjK5Rujrr1KnLPl4swAnIxop6QL4b7wfzXa2LPh20qPBCySZayNm185 d5gjBSGHyrE6F7IZCw0QtgYtAsTSx4UyKIm92dPz/LGFLdi97sRyI16rvkbj8AWb sYcsEw/CzWN6A6/ezmC7R4xdsTQQPycfNkZdJ2w+r1SdYTUhF+1O6yD7X+7SO6bw sIVKARZw5r6fKwdEHZLRNo1eT/7STiLpxzhv8Rze1wFrlg9BJwndVnjQPDS275Kz cpFPQuN1+zajI/wl7U2dwaZBEHuVYZRQHDAd9Z6Q0sJNzpJJQJC/iitfw59cLHSL jewp+58KyvWG/KVaEHYj =S/NE -----END PGP SIGNATURE----- --OpLPJvDmhXTZE4Lg--

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 kees. 的文章

文章代碼(AID): #1DhnzW1O (Bugtraq)