[USN-3411-2] Bazaar vulnerability
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Oct 24 14:45:55 UTC 2017
Ubuntu Security Notice USN-3411-2
October 24, 2017
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Bazaar could be made run programs as your login if it opened a
specially crafted URL.
- bzr: easy to use distributed version control system
USN-3411-1 fixed a vulnerability in Bazaar. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Adam Collard discovered that Bazaar did not properly handle host names
in 'bzr+ssh://' URLs. A remote attacker could use this to construct
a bazaar repository URL that when accessed could run arbitrary code
with the privileges of the user.
The problem can be corrected by updating your system to the following
Ubuntu 12.04 ESM:
In general, a standard system update will make all the necessary
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the ubuntu-security-announce