BugTraq
[USN-1068-1] Aptdaemon vulnerability Feb 22 2011 03:38PM
Marc Deslauriers (marc deslauriers canonical com)
===========================================================
Ubuntu Security Notice USN-1068-1 February 22, 2011
aptdaemon vulnerability
CVE-2011-0725
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
python-aptdaemon 0.31+bzr506-0ubuntu6.1

In general, a standard system update will make all the necessary changes.

Details follow:

Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain
arguments when using its D-Bus interface. A local attacker could use this
flaw to bypass security restrictions and view sensitive information by
reading arbitrary files.

Updated packages for Ubuntu 10.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+b
zr506-0ubuntu6.1.debian.tar.gz
Size/MD5: 528226 b4bab52268bb2d5265519c41b507f465
http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+b
zr506-0ubuntu6.1.dsc
Size/MD5: 2121 dfe8afa421c97dae75ef5401240bfcbd
http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+b
zr506.orig.tar.gz
Size/MD5: 441337 272889c346728f050dd439b48f1041a7

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+b
zr506-0ubuntu6.1_all.deb
Size/MD5: 35990 318e9d8d17fc010ba43840b06bb31e8b
http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon
-gtk_0.31+bzr506-0ubuntu6.1_all.deb
Size/MD5: 197602 a052006f8f9addc05244a2a9f7ba8143
http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon
_0.31+bzr506-0ubuntu6.1_all.deb
Size/MD5: 64802 b8a33f9e2e8c53679a2b6bfe9768bab2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJNY9hxAAoJEGVp2FWnRL6T6uoP/jjNaezwXWQiQSnwSGxKLdz2
GDgndKUlHEpewf1vm5KQ+yvQq9s5bkMGGaLc1oLLnrDCZan7TZ+Qfj+D5SIB2Sqf
YIiLIzlte2o+YKQ5Rm9lT9dk8FPL6kIwi3zy+Q4tjNrG/fV6zvjvXgb0hmB3hBd3
F6YVP9xtaqQnPg0kBdeDhrkse7lFVjmUc/k+TDjnG8iipqafUtsPTA3izGQfRqQH
VQAVs814H0D9ZEFWWiu4B/h0pkeU70iuoYJk+j1UpW+6D2ONHMx5/yvAwEISBERX
qC9XXxhKy4yxUl5rqcZ3Le43g1TNlihX/lV25s3NsQtfvZhYgcryZ3b4pU2EPKh6
1sw/DXv4NCO5EG/OvZi9GyBl8QyKHTntGAk8mPlQtgJr8E3DaDMVWlyUxvyLHSrC
GUHwJROauRJcYSFpwnjjsOKOLmiuzjEtuPllJURIwDruj8l0gUv1ABbezReSza/d
EH2w2H9ZIN4ZNvDGj3te0PSnIcKv/YL+5xH7uEGkEwbBBVRZqemPVEUmg1+DGsIW
31WIlXR1mG2FDm3/bjZSfSJWrifeHu7X0sJHl5PSlKPjC/DfzLHxZBqpBvuVDna4
UO1pjbAn8UjpRxsKQt+VX5WWvgYeXDGwi5jjpB8eDevm+HDjLh9TGUJ6l0akw2md
U71o4PgitedxIRxniFph
=qtCv
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus