Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Ubuntu 12.04 LTS: USN-2471-1 Critical GParted Local Attack Overview

ubuntu
Calendar Grey January 14, 2015
Dist Ubuntu Esm H88
A flaw in GParted enables local malicious users to run commands with elevated privileges. Immediate update is recommended.
GParted could be made to run programs as an administrator.

Summary

GParted could be made to run programs as an administrator.

Software Description:

- gparted: GNOME partition editor

Details:

Wolfgang Ettlinger discovered that GParted incorrectly filtered shell

metacharacters when running external commands. A local attacker could use

this issue with a crafted filesystem label to run arbitrary commands as the

administrator.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  gparted                         0.11.0-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2471-1

CVE-2014-7208

Severity
critical
Lowest
Low
Medium
High
Critical

January 14, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.