Monday, March 25, 2013

[USN-1779-1] GNOME Online Accounts vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRUFxrAAoJEGVp2FWnRL6T3B8QALnWR5/vIPXyIl3J5uSFtDJa
YxPovqSkcJAQrwgnEKw7+FqlJko6KAhmizxOoVKXTpxiZyKpR9xZHs/O9nUaqgRP
7CKNdU/hh2Yon4XglH28D9Anc0jo3/58cyPZdTqgiculKUHKcvn7q6rC9MCXlz1X
+v4TzN/tLY3hk7ijOvaiUaZWodT3lmfP6QBLFhyqMWDnbiabi5uk0OZx9EuqWWk6
TcpkP3erID0Zw4Uj1rX2xBSCsX70dUi3YSZ5FHHmW2tQR6/QMh/6Nrjnkwak8CE7
vK85UL9vhXbPUr9+mM20GLxGXWcGI++EbQXEa0812H2Pg41MkBu9NWD5zt+UqERN
haIPu/LNAX4NzSJRktORb83yeXtcOnfSY5ZFKNjkpbbr5k5YIgNVnR7/lW2Z1qlE
RrWbE5wcsq4lTHiK26bRelCwtoJJmAI2ulrPCyMmO7Wos/heeqnerOFM3vGJ/1HD
9oSXOAKsFQEndp9eB2F40J9pdjT0lNpswRmb8awnCbHD7WJ5iJmiatEEsh9+bBxV
UmK9/QzENsNOouR5Y1KkvhL+/D/HfMljRMxdUd2d/ymFQppEPzy43WBsBZm7E6xQ
avVZJ7d7avJxgxt/ztpPUch/+1aNiak88dgpW3JtmGqCoMIi+CDPccV5JPsjOpwc
xPPYdOIVCC+QwG6uPl0+
=XPff
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1779-1
March 25, 2013

gnome-online-accounts vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

GNOME Online Accounts could be made to expose sensitive information over
the network.

Software Description:
- gnome-online-accounts: GNOME Online Accounts

Details:

It was discovered that GNOME Online Accounts did not properly check SSL
certificates when configuring online accounts. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
alter or compromise credentials and confidential information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
gnome-online-accounts 3.6.0-0ubuntu1.1
libgoa-1.0-0 3.6.0-0ubuntu1.1

Ubuntu 12.04 LTS:
gnome-online-accounts 3.4.0-0ubuntu1.1
libgoa-1.0-0 3.4.0-0ubuntu1.1

Ubuntu 11.10:
gnome-online-accounts 3.2.1-0ubuntu1.1
libgoa-1.0-0 3.2.1-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1779-1
CVE-2013-0240, CVE-2013-1799

Package Information:

https://launchpad.net/ubuntu/+source/gnome-online-accounts/3.6.0-0ubuntu1.1

https://launchpad.net/ubuntu/+source/gnome-online-accounts/3.4.0-0ubuntu1.1

https://launchpad.net/ubuntu/+source/gnome-online-accounts/3.2.1-0ubuntu1.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)