[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[USN-1068-1] Aptdaemon vulnerability



===========================================================
Ubuntu Security Notice USN-1068-1         February 22, 2011
aptdaemon vulnerability
CVE-2011-0725
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  python-aptdaemon                0.31+bzr506-0ubuntu6.1

In general, a standard system update will make all the necessary changes.

Details follow:

Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain
arguments when using its D-Bus interface. A local attacker could use this
flaw to bypass security restrictions and view sensitive information by
reading arbitrary files.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1.debian.tar.gz
      Size/MD5:   528226 b4bab52268bb2d5265519c41b507f465
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1.dsc
      Size/MD5:     2121 dfe8afa421c97dae75ef5401240bfcbd
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506.orig.tar.gz
      Size/MD5:   441337 272889c346728f050dd439b48f1041a7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1_all.deb
      Size/MD5:    35990 318e9d8d17fc010ba43840b06bb31e8b
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon-gtk_0.31+bzr506-0ubuntu6.1_all.deb
      Size/MD5:   197602 a052006f8f9addc05244a2a9f7ba8143
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon_0.31+bzr506-0ubuntu6.1_all.deb
      Size/MD5:    64802 b8a33f9e2e8c53679a2b6bfe9768bab2



Attachment: signature.asc
Description: This is a digitally signed message part