Wednesday, July 24, 2024

[USN-6912-1] provd vulnerability

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQS9fIzo5cOslDRPrg+TiY1To8lzAQUCZqDOZAAKCRCTiY1To8lz
AZReAQCZR/i6r2VQuOA6cXnt/D/9A2DLi670bprRFr+NJavrUwD/UBYT3SCLTHQQ
RWRxIJPHtNkRQDYi+yZTfholBedcjgk=
=+QuI
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6912-1
July 24, 2024

provd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

provd could be made to run programs as an administrator.

Software Description:
- provd: Ubuntu Desktop Provision init backend

Details:

James Henstridge discovered that provd incorrectly handled environment
variables. A local attacker could possibly use this issue to run arbitrary
programs and escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
provd 0.1.2+24.04

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6912-1
CVE-2024-6714,https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574

Package Information:
https://launchpad.net/ubuntu/+source/provd/0.1.2+24.04

No comments:

Post a Comment