Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Ubuntu 11.10: USN-1381-1 Medium: CouchDB Server Certificate Risk

Calendar Mar 01, 2012 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory information exposure ubuntu medium couchdb
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. 
=========================================================================Ubuntu Security Notice USN-1381-1
March 01, 2012

ubuntuone-couch vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
- ubuntuone-couch: Ubuntu One CouchDB

Details:

It was discovered that Ubuntu One Couch did not perform any server
certificate validation when using HTTPS connections. If a remote attacker
were able to perform a man-in-the-middle attack, this flaw could be
exploited to alter or compromise confidential information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  ubuntuone-couch                 0.3.0-0ubuntu2.1

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1381-1
  https://bugs.launchpad.net/ubuntu/+source/ubuntuone-couch/+bug/882049

Package Information:
  https://launchpad.net/ubuntu/+source/ubuntuone-couch/0.3.0-0ubuntu2.1

Ubuntu 11.10: USN-1381-1 Medium: CouchDB Server Certificate Risk

ubuntu
Calendar Grey March 1, 2012
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-1390-2 highlights a flaw in the NetworkManager, which may lead to unauthorized access to data.
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

Summary

Topics%20covered

Topics Covered

security advisory information exposure ubuntu medium couchdb

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: ubuntuone-couch 0.3.0-0ubuntu2.1 After a standard system update you need to restart your session to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1381-1

https://bugs.launchpad.net/ubuntu/+source/ubuntuone-couch/+bug/882049

Severity
medium
Lowest
Low
Medium
High
Critical

March 01, 2012

Topics%20covered

Topics Covered

security advisory information exposure ubuntu medium couchdb

Package Information

https://launchpad.net/ubuntu/+source/ubuntuone-couch/0.3.0-0ubuntu2.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here