
==========================================================================
Ubuntu Security Notice USN-1573-1
September 19, 2012

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local user could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-348-ec2      2.6.32-348.54

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1573-1
  CVE-2012-3412, CVE-2012-3430, CVE-2012-3511

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-348.54


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Date: Wed, 19 Sep 2012 14:13:30 -0700
From: John Johansen <john.johansen@canonical.com>
Subject: [USN-1574-1] Linux kernel (Natty backport) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-1574-1
September 19, 2012

linux-lts-backport-natty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-backport-natty: Linux kernel backport from Natty

Details:

A flaw was found in how the Linux kernel passed the replacement session
keyring to a child process. An unprivileged local user could exploit this
flaw to cause a denial of service (panic). (CVE-2012-2745)

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local user could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.38-16-generic   2.6.38-16.67~lucid1
  linux-image-2.6.38-16-generic-pae  2.6.38-16.67~lucid1
  linux-image-2.6.38-16-server    2.6.38-16.67~lucid1
  linux-image-2.6.38-16-virtual   2.6.38-16.67~lucid1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1574-1
  CVE-2012-2745, CVE-2012-3412, CVE-2012-3430, CVE-2012-3511

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-16.67~lucid1


Date: Wed, 19 Sep 2012 14:49:03 -0700
From: John Johansen <john.johansen@canonical.com>
Subject: [USN-1575-1] Linux kernel (Oneiric backport) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-1575-1
September 19, 2012

linux-lts-backport-oneiric vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
  linux-image-3.0.0-26-generic    3.0.0-26.42~lucid1
  linux-image-3.0.0-26-generic-pae  3.0.0-26.42~lucid1
  linux-image-3.0.0-26-server     3.0.0-26.42~lucid1
  linux-image-3.0.0-26-virtual    3.0.0-26.42~lucid1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1575-1
  CVE-2012-3412, CVE-2012-3430

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-backport-oneiric/3.0.0-26.42~lucid1


Subject: [USN-1576-1] DBus vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Date: Thu, 20 Sep 2012 12:55:05 -0400
==========================================================================
Ubuntu Security Notice USN-1576-1
September 20, 2012

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

DBus could be made to run programs as an administrator.

Software Description:
- dbus: simple interprocess messaging system

Details:

Sebastian Krahmer discovered that DBus incorrectly handled environment
variables when running with elevated privileges. A local attacker could
possibly exploit this flaw with a setuid binary and gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  dbus                            1.4.18-1ubuntu1.1
  libdbus-1-3                     1.4.18-1ubuntu1.1

Ubuntu 11.10:
  dbus                            1.4.14-1ubuntu1.1
  libdbus-1-3                     1.4.14-1ubuntu1.1

Ubuntu 11.04:
  dbus                            1.4.6-1ubuntu6.2
  libdbus-1-3                     1.4.6-1ubuntu6.2

Ubuntu 10.04 LTS:
  dbus                            1.2.16-2ubuntu4.5
  libdbus-1-3                     1.2.16-2ubuntu4.5

Ubuntu 8.04 LTS:
  dbus                            1.1.20-1ubuntu3.7
  libdbus-1-3                     1.1.20-1ubuntu3.7

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1576-1
  CVE-2012-3524

Package Information:
  https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/dbus/1.4.14-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/dbus/1.4.6-1ubuntu6.2
  https://launchpad.net/ubuntu/+source/dbus/1.2.16-2ubuntu4.5
  https://launchpad.net/ubuntu/+source/dbus/1.1.20-1ubuntu3.7
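
The "Update instructions" tables in the notices above can be checked against a host mechanically. The following is an added example, not part of the original notices: it parses a USN version table and compares versions with Debian's ordering rules, which also covers the "~lucid1" versions in USN-1574-1 and USN-1575-1 (a tilde sorts before the bare version). The function names and the host inventory are this example's own assumptions.

```python
import re
from itertools import zip_longest

# Version table copied from the USN-1576-1 "Update instructions" above
# (two of the five releases, to keep the sample short).
USN_TABLE = """\
Ubuntu 12.04 LTS:
  dbus                            1.4.18-1ubuntu1.1
  libdbus-1-3                     1.4.18-1ubuntu1.1

Ubuntu 10.04 LTS:
  dbus                            1.2.16-2ubuntu4.5
  libdbus-1-3                     1.2.16-2ubuntu4.5
"""

def parse_fixed_versions(text):
    """Return {release: {package: fixed_version}} from a USN version table."""
    fixed, release = {}, None
    for line in text.splitlines():
        if line.startswith("Ubuntu ") and line.rstrip().endswith(":"):
            release = line.rstrip()[:-1]
            fixed[release] = {}
        elif release and line[:1].isspace() and len(line.split()) == 2:
            package, version = line.split()
            fixed[release][package] = version
    return fixed

def _order(ch):
    # dpkg ordering: '~' sorts before everything, including end of string (0);
    # letters sort before all other punctuation.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, as dpkg does.
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (sa, da), (sb, db) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for x, y in zip_longest(map(_order, sa), map(_order, sb), fillvalue=0):
            if x != y:
                return -1 if x < y else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_version_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older, equal or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(installed, fixed):
    """List packages whose installed version is older than the fixed one."""
    return sorted(p for p, v in installed.items()
                  if p in fixed and deb_version_cmp(v, fixed[p]) < 0)

if __name__ == "__main__":
    # Constructed host inventory (e.g. from `dpkg-query -W`), not real data.
    host = {"dbus": "1.2.16-2ubuntu4.4", "libdbus-1-3": "1.2.16-2ubuntu4.5"}
    table = parse_fixed_versions(USN_TABLE)["Ubuntu 10.04 LTS"]
    print("needs update:", unpatched(host, table))
```

For the kernel notices, an installed package at the fixed version is not sufficient on its own: the notices require a reboot, so the running kernel also has to be the updated one.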




