Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu 11.10 and 11.04 USN-1298-1 Critical Apache Commons Daemon Threat

Calendar Dec 12, 2011 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical Ubuntu file access Apache daemon commons-daemon
Apache Commons Daemon would allow unintended access to files over the network. 
=========================================================================Ubuntu Security Notice USN-1298-1
December 12, 2011

commons-daemon vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Apache Commons Daemon would allow unintended access to files over the
network.

Software Description:
- commons-daemon: wrapper to launch Java applications as daemons

Details:

Wilfried Weissmann discovered that Apache Commons Daemon incorrectly
dropped capabilities after starting. A remote attacker could possibly use
this flaw to read certain files, bypassing the intended permissions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  libcommons-daemon-java          1.0.6-1ubuntu0.1

Ubuntu 11.04:
  libcommons-daemon-java          1.0.4-1ubuntu0.1

After a standard system update you need to restart applications which use
Apache Commons Daemon, such as the Jetty web server, to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1298-1
  CVE-2011-2729

Package Information:
  https://launchpad.net/ubuntu/+source/commons-daemon/1.0.6-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/commons-daemon/1.0.4-1ubuntu0.1

Ubuntu 11.10 and 11.04 USN-1298-1 Critical Apache Commons Daemon Threat

ubuntu
Calendar Grey December 12, 2011
Dist Ubuntu Esm H88
A critical flaw in Apache Commons Daemon exposes sensitive files to unauthorized network access on Ubuntu versions 11.04 and 11.10.
Apache Commons Daemon would allow unintended access to files over the network.

Summary

Topics%20covered

Topics Covered

security advisory critical Ubuntu file access Apache daemon commons-daemon

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libcommons-daemon-java 1.0.6-1ubuntu0.1 Ubuntu 11.04: libcommons-daemon-java 1.0.4-1ubuntu0.1 After a standard system update you need to restart applications which use Apache Commons Daemon, such as the Jetty web server, to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1298-1

CVE-2011-2729

Severity
critical
Lowest
Low
Medium
High
Critical

December 12, 2011

Topics%20covered

Topics Covered

security advisory critical Ubuntu file access Apache daemon commons-daemon

Package Information

https://launchpad.net/ubuntu/+source/commons-daemon/1.0.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/commons-daemon/1.0.4-1ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here