Ubuntu 12.04 LTS: USN-1593-1 Critical: Remote Code Exec in Devscripts
Oct 02, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Several security issues were fixed in devscripts.
=========================================================================Ubuntu Security Notice USN-1593-1 October 02, 2012 devscripts vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in devscripts. Software Description: - devscripts: scripts to make the life of a Debian Package maintainer easier Details: Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacher could possibly execute arbitrary code. (CVE-2012-0212) Raphael Geissert discovered that the dscverify tool incorrectly escaped arguments to external commands. If a user or automated system were tricked into processing specially crafted files, a remote attacher could possibly execute arbitrary code. (CVE-2012-2240) Raphael Geissert discovered that the dget tool incorrectly performed input validation. If a user or automated system were tricked into processing specially crafted files, a remote attacher could delete arbitrary files. (CVE-2012-2241) Raphael Geissert discovered that the dget tool incorrectly escaped arguments to external commands. If a user or automated system were tricked into processing specially crafted files, a remote attacher could possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2242) Jim Meyering discovered that the annotate-output tool incorrectly handled temporary files. A local attacker could use this flaw to alter files being processed by the annotate-output tool. On Ubuntu 11.04 and later, this issue was mitigated by the Yama kernel symlink restrictions. (CVE-2012-3500) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: devscripts 2.11.6ubuntu1.4 Ubuntu 11.10: devscripts 2.11.1ubuntu3.2 Ubuntu 11.04: devscripts 2.10.69ubuntu2.2 Ubuntu 10.04 LTS: devscripts 2.10.61ubuntu5.3 In general, a standard system update will make all the necessary changes. References: CVE-2012-0212, CVE-2012-2240, CVE-2012-2241, CVE-2012-2242, CVE-2012-3500 Package Information: https://launchpad.net/ubuntu/+source/devscripts/2.11.6ubuntu1.4 https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.2 https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.2 https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.3
PREVIOUS
NEXT
Ubuntu 12.04 LTS: USN-1593-1 Critical: Remote Code Exec in Devscripts
ubuntu
October 2, 2012
Several security issues were fixed in devscripts.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: devscripts 2.11.6ubuntu1.4 Ubuntu 11.10: devscripts 2.11.1ubuntu3.2 Ubuntu 11.04: devscripts 2.10.69ubuntu2.2 Ubuntu 10.04 LTS: devscripts 2.10.61ubuntu5.3 In general, a standard system update will make all the necessary changes.
References
CVE-2012-0212, CVE-2012-2240, CVE-2012-2241, CVE-2012-2242,
CVE-2012-3500
Severity
critical
Lowest
Low
Medium
High
Critical
October 02, 2012
Package Information
https://launchpad.net/ubuntu/+source/devscripts/2.11.6ubuntu1.4 https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.2 https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.2 https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!