Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1443-2] Update Manager vulnerability (Marc Deslauriers)
----------------------------------------------------------------------
Message: 1
Date: Mon, 04 Jun 2012 09:47:00 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1443-2] Update Manager vulnerability
Message-ID: <1338817620.6938.7.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1443-2
June 04, 2012
update-manager vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
Update Manager could expose sensitive information in certain circumstances.
Software Description:
- update-manager: GNOME application that manages apt updates
Details:
USN-1443-1 fixed vulnerabilities in Update Manager. The fix for
CVE-2012-0949 was discovered to be incomplete. This update fixes the
problem.
Original advisory details:
Felix Geyer discovered that the Update Manager Apport hook incorrectly
uploaded certain system state archive files to Launchpad when reporting
bugs. This could possibly result in repository credentials being included
in public bug reports. (CVE-2012-0949)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
update-manager-core 1:0.156.14.5
Ubuntu 11.10:
update-manager-core 1:0.152.25.12
Ubuntu 11.04:
update-manager-core 1:0.150.5.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1443-2
http://www.ubuntu.com/usn/usn-1443-1
CVE-2012-0950
Package Information:
https://launchpad.net/ubuntu/+source/update-manager/1:0.156.14.5
https://launchpad.net/ubuntu/+source/update-manager/1:0.152.25.12
https://launchpad.net/ubuntu/+source/update-manager/1:0.150.5.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120604/df1c9126/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 93, Issue 2
*******************************************************
News
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2012
(533)
-
▼
June
(88)
- ubuntu-security-announce Digest, Vol 93, Issue 19
- Verdict on Google Nexus 7 tablet
- ubuntu-security-announce Digest, Vol 93, Issue 18
- Nikon J1 Camera + Apple iPad 16GB Bundle $899, Kli...
- ubuntu-security-announce Digest, Vol 93, Issue 17
- Latest hacker dump looks like Comcast, AT&T data
- Chrome comes to iPad, iPhone
- New Android OS and tablet at Google I/O
- ubuntu-security-announce Digest, Vol 93, Issue 16
- Confirmation: Your ZDNet newsletter selections
- Panasonic ST50 crowned CNET's new Editors' Choice
- Hands on with the Google Nexus 7
- The Strands of Your Identity Web
- HP AMD QUAD 17.3-inch LED Laptop $430, Alpine Swis...
- ubuntu-security-announce Digest, Vol 93, Issue 15
- What's next for Android?
- More tough cams
- Those sneaky teens: What they're really up to online
- The best Android tablet display yet
- Asus X Core i3 16-inch Laptop $400, Nikon D7000 Bu...
- Apply for an Honorary Bachelors, Masters, or Docto...
- Facebook hires former Apple design manager
- Tesla Model S for the win
- Air vs. Pro: Which 13-inch MacBook?
- Dell Inspiron 14z Core i5 $530, Scratch and Dent i...
- ubuntu-security-announce Digest, Vol 93, Issue 14
- New Xbox on track for 2013?
- A big week for Microsoft
- How to browse sensitive subjects without being tra...
- ubuntu-security-announce Digest, Vol 93, Issue 13
- Will people care about a universal Smart TV interf...
- Microsoft unveils Windows Phone 8
- pls revert
- Samsung 50-inch LED TV $830, Samsung 46-inch 3D TV...
- ubuntu-security-announce Digest, Vol 93, Issue 12
- Meet Microsoft's Surface tablet
- ubuntu-security-announce Digest, Vol 93, Issue 11
- The toughest act to follow
- TechEd 2012: Windows 8 and MBAM 2.0 Bring Enhanced...
- Join us for Microsoft's mystery event
- business partner needed
- Samsung 60-inch 3D Plasma and Blu-ray Player / Gla...
- ubuntu-security-announce Digest, Vol 93, Issue 10
- SEC spooked by Facebook's pre-IPO mobile numbers
- Hype-busting Apple Maps
- Verdict on the 2012 Chevy Volt
- Home Depot Father's Day Sale Up to 50% off, HP dv6...
- ubuntu-security-announce Digest, Vol 93, Issue 9
- E3 2012 wrap-up; why you shouldn't preoorder games
- Apple's WWDC touts new iOS 6 features
- Is the iPhone fragmented?
- AVG spreads its mobile shield
- ubuntu-security-announce Digest, Vol 93, Issue 8
- CNET review: Retina MacBook Pro is king
- Samsung wins accidental burn-in test
- New 15-inch Retina MacBook Pro with Core i7, Apple...
- ubuntu-security-announce Digest, Vol 93, Issue 7
- ubuntu-security-announce Digest, Vol 93, Issue 6
- What iOS 6 hints about iPhone 5
- ubuntu-security-announce Digest, Vol 93, Issue 5
- Topsy-turvy: Entry dSLRs and advanced compacts
- The big news from WWDC
- What the password leaks mean to you (FAQ)
- Element 50-inch LCD TV w/JBL Soundbar $500, Kennet...
- Security tweaks, PDFs herald new Firefox builds
- Google doubles down on 3D in Earth
- Canon T4i: It's all about the video
- Panda Pal High-Powered Mini Speaker $17, Dell Insp...
- World's first 13-inch tablet
- Windows Phone's presence steadily grows
- LinkedIn updates apps in response to privacy concerns
- Panasonic VT50 is the company's best TV. Ever.
- ubuntu-security-announce Digest, Vol 93, Issue 4
- Getting to know the Wii U
- ubuntu-security-announce Digest, Vol 93, Issue 3
- Google Analytics Product Update: Content Experimen...
- Five unanswered questions about Nintendo's Wii U
- ubuntu-security-announce Digest, Vol 93, Issue 2
- Xbox throws down gauntlet to Apple TV (and Wii U)
- Sony HX9V vs. HX30V: Which camera should you buy?
- Microsoft ticks off advertisers with IE10 'Do Not ...
- Dell XPS 14z Core i5 $750, Hampton Bay 52-inch Cei...
- Novell Client 2 SP2 for Windows (IR3) released
- Microsoft ticks off advertisers with IE10 'Do Not ...
- Open season for convertibles
- Windows 8 Release Preview hands-on
- Dell Core i7 16-inch Laptop + Xbox 360 for Student...
- ubuntu-security-announce Digest, Vol 93, Issue 1
-
▼
June
(88)
No comments:
Post a Comment