========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 Summary: Local users could gain root access via the language-selector. Software Description: - language-selector: Language selector for Ubuntu Linux Details: Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: language-selector-common 0.6.7 In general, a standard system update will make all the necessary changes. References: CVE-2011-0729 Package Information: https://launchpad.net/ubuntu/+source/language-selector/0.6.7
Attachment:
signature.asc
Description: Digital signature