Dva propusta paketa update-manager

Update-manager sadrži dva sigurnosna propusta koja omogućavaju otkrivanje osjetljivih informacija.

Paket:	update-manager 0.x
Operacijski sustavi:	Ubuntu Linux 11.04, Ubuntu Linux 11.10
Problem:	neodgovarajuće rukovanje datotekama
Iskorištavanje:	lokalno/udaljeno
Posljedica:	otkrivanje osjetljivih informacija
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-0948, CVE-2012-0949
Izvorni ID preporuke:	USN-1443-1
Izvor:	Ubuntu

Problem:
Ranjivosti se javljaju kao posljedica nepravilnosti u rukovanju ovlastima pri stvaranju i učitavanju arhiva podataka o stanju sustava.
Posljedica:
Zlonamjerni korisnik bi mogao pregledati oznake korisnika u repozitoriju te tako otkriti osjetljive podatke.
Rješenje:
Svim se korisnicima savjetuje instalacija najnovije inačice programskog paketa u kojoj je propust ispravljen.

Izvorni tekst preporuke

==========================================================================
Ubuntu Security Notice USN-1443-1
May 17, 2012

update-manager vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Update Manager could expose sensitive information in certain circumstances.

Software Description:
- update-manager: GNOME application that manages apt updates

Details:

It was discovered that Update Manager created system state archive files
with incorrect permissions when upgrading releases. A local user could
possibly use this to read repository credentials. (CVE-2012-0948)

Felix Geyer discovered that the Update Manager Apport hook incorrectly
uploaded certain system state archive files to Launchpad when reporting
bugs. This could possibly result in repository credentials being included
in public bug reports. (CVE-2012-0949)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  update-manager-core             1:0.156.14.4

Ubuntu 11.10:
  update-manager-core             1:0.152.25.11

Ubuntu 11.04:
  update-manager-core             1:0.150.5.3

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1443-1
  CVE-2012-0948, CVE-2012-0949

Package Information:
  https://launchpad.net/ubuntu/+source/update-manager/1:0.156.14.4
  https://launchpad.net/ubuntu/+source/update-manager/1:0.152.25.11
  https://launchpad.net/ubuntu/+source/update-manager/1:0.150.5.3

Dva propusta paketa update-manager

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Dva propusta paketa update-manager

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti