=========================================================== Ubuntu Security Notice USN-1068-1 February 22, 2011 aptdaemon vulnerability CVE-2011-0725 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.10: python-aptdaemon 0.31+bzr506-0ubuntu6.1 In general, a standard system update will make all the necessary changes. Details follow: Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain arguments when using its D-Bus interface. A local attacker could use this flaw to bypass security restrictions and view sensitive information by reading arbitrary files. Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1.debian.tar.gz Size/MD5: 528226 b4bab52268bb2d5265519c41b507f465 http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1.dsc Size/MD5: 2121 dfe8afa421c97dae75ef5401240bfcbd http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506.orig.tar.gz Size/MD5: 441337 272889c346728f050dd439b48f1041a7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1_all.deb Size/MD5: 35990 318e9d8d17fc010ba43840b06bb31e8b http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon-gtk_0.31+bzr506-0ubuntu6.1_all.deb Size/MD5: 197602 a052006f8f9addc05244a2a9f7ba8143 http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon_0.31+bzr506-0ubuntu6.1_all.deb Size/MD5: 64802 b8a33f9e2e8c53679a2b6bfe9768bab2
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/