[USN-1068-1] Aptdaemon vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Tue Feb 22 15:38:27 UTC 2011 

===========================================================
Ubuntu Security Notice USN-1068-1         February 22, 2011
aptdaemon vulnerability
CVE-2011-0725
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  python-aptdaemon                0.31+bzr506-0ubuntu6.1

In general, a standard system update will make all the necessary changes.

Details follow:

Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain
arguments when using its D-Bus interface. A local attacker could use this
flaw to bypass security restrictions and view sensitive information by
reading arbitrary files.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1.debian.tar.gz
      Size/MD5:   528226 b4bab52268bb2d5265519c41b507f465
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1.dsc
      Size/MD5:     2121 dfe8afa421c97dae75ef5401240bfcbd
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506.orig.tar.gz
      Size/MD5:   441337 272889c346728f050dd439b48f1041a7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/aptdaemon_0.31+bzr506-0ubuntu6.1_all.deb
      Size/MD5:    35990 318e9d8d17fc010ba43840b06bb31e8b
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon-gtk_0.31+bzr506-0ubuntu6.1_all.deb
      Size/MD5:   197602 a052006f8f9addc05244a2a9f7ba8143
    http://security.ubuntu.com/ubuntu/pool/main/a/aptdaemon/python-aptdaemon_0.31+bzr506-0ubuntu6.1_all.deb
      Size/MD5:    64802 b8a33f9e2e8c53679a2b6bfe9768bab2



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20110222/542bf8e9/attachment.sig>

More information about the ubuntu-security-announce mailing list