Wednesday, December 12, 2012

[USN-1662-1] APT vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQyN4sAAoJEGVp2FWnRL6TppwP/3/AaUAhiFch7JU6W7cCOh3T
12RzGEwQzXx9RGuPba7bNAB6w6esp3YhMdKW1B+FCEMmQVDkrnz12F8fl8ceLJSq
EGnUjHpGNDrsOW10uMeKlSMdd0Ls3HiHlwBX9o5fFh1wf5Akt73kbTgR5f3Lw71G
pf9KFnDmpAFxmwGkZLA+w9PdhWgJ/s2Lyvias9AJZBuTUJAcbtJ20BAJbsErv3f0
+jMM10E+veBZ316X+1WaD78o0bNAV9BTPDj4hmFU3UEf1yFBc3UqDnZUVzu8hUKT
v6Pp0AdP9H7v2HTcxJWQQYS3RdsPAeeTERjGggSLhmCjWJvgyIr5oFr3J3covisQ
/6FAbg7ufxBUQiyYxJaaDEmqDvPP+nTOi/7LL5Fp5L0IDCN8L+B5h7d/F59JweKi
ZY28jBPxRtfns1LLyWTLFQJoGUVwiV5fuciRuBNesNQJApMhzc+nJUQE5vAgnWDP
lZUw+N32D1LxVtMFozsj5XtNI/WdUBKnvqUm6pl56D9gTgiqey28S+FivkXOTobe
zn6UT3A9a8A/mR00yOCjyPSWs/jSHVtik/K/cqn0d2Rb0ct7Z2rraRJl96oRVqXz
gg114kEIac9aIOIUtcmgGfH3BSKfHE9A89DpuKHKPzyM3g4KSjSfQbioiTBn9gq7
3o1fGhkdiC9PVTNCjf1T
=XqUM
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1662-1
December 12, 2012

apt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

APT could expose sensitive information.

Software Description:
- apt: Advanced front-end for dpkg

Details:

It was discovered that APT set inappropriate permissions on the term.log
file. A local attacker could use this flaw to possibly obtain sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
apt 0.9.7.5ubuntu5.2

Ubuntu 12.04 LTS:
apt 0.8.16~exp12ubuntu10.7

Ubuntu 11.10:
apt 0.8.16~exp5ubuntu13.6

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1662-1
CVE-2012-0961

Package Information:
https://launchpad.net/ubuntu/+source/apt/0.9.7.5ubuntu5.2
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.7
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp5ubuntu13.6

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)