Ubuntu 11.10 USN-1366-1 Moderate: devscripts Code Execution Issue
Feb 15, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
debdiff, a part of devscripts, could be made to run programs as your login ifit opened a specially crafted file.
=========================================================================Ubuntu Security Notice USN-1366-1 February 15, 2012 devscripts vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: debdiff, a part of devscripts, could be made to run programs as your login if it opened a specially crafted file. Software Description: - devscripts: scripts to make the life of a Debian Package maintainer easier Details: Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0210) Raphael Geissert discovered that debdiff did not properly sanitize its input when processing source packages. If debdiff processed an original source tarball, with crafted filenames in the top-level directory, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0211) Raphael Geissert discovered that debdiff did not properly sanitize its input when processing filename parameters. If debdiff processed a crafted filename parameter, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0212) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: devscripts 2.11.1ubuntu3.1 Ubuntu 11.04: devscripts 2.10.69ubuntu2.1 Ubuntu 10.10: devscripts 2.10.67ubuntu1.1 Ubuntu 10.04 LTS: devscripts 2.10.61ubuntu5.1 Ubuntu 8.04 LTS: devscripts 2.10.11ubuntu5.8.04.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1366-1 CVE-2012-0210, CVE-2012-0211, CVE-2012-0212 Package Information: https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.67ubuntu1.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.11ubuntu5.8.04.5
PREVIOUS
NEXT
Ubuntu 11.10 USN-1366-1 Moderate: devscripts Code Execution Issue
ubuntu
February 15, 2012
debdiff, a part of devscripts, could be made to run programs as your login ifit opened a specially crafted file.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: devscripts 2.11.1ubuntu3.1 Ubuntu 11.04: devscripts 2.10.69ubuntu2.1 Ubuntu 10.10: devscripts 2.10.67ubuntu1.1 Ubuntu 10.04 LTS: devscripts 2.10.61ubuntu5.1 Ubuntu 8.04 LTS: devscripts 2.10.11ubuntu5.8.04.5 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1366-1
CVE-2012-0210, CVE-2012-0211, CVE-2012-0212
Severity
important
Lowest
Low
Medium
High
Critical
February 15, 2012
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.67ubuntu1.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.1 https://launchpad.net/ubuntu/+source/devscripts/2.10.11ubuntu5.8.04.5
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!