You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa coreutils

Sigurnosni nedostaci programskog paketa coreutils

==========================================================================
Ubuntu Security Notice USN-2473-1
January 14, 2015

coreutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

date and touch could be made to crash or run programs if they
handled specially crafted input.

Software Description:
– coreutils: GNU core utilities

Details:

It was discovered that the distcheck rule in dist-check.mk in GNU
coreutils allows local users to gain privileges via a symlink attack
on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS.
(CVE-2009-4135)

Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly
handled user-supplied input. An attacker could possibly use this to cause
a denial of service or potentially execute code. (CVE-2014-9471)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
coreutils 8.21-1ubuntu5.1

Ubuntu 12.04 LTS:
coreutils 8.13-3ubuntu3.3

Ubuntu 10.04 LTS:
coreutils 7.4-2ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2473-1
CVE-2009-4135, CVE-2014-9471

Package Information:
https://launchpad.net/ubuntu/+source/coreutils/8.21-1ubuntu5.1
https://launchpad.net/ubuntu/+source/coreutils/8.13-3ubuntu3.3
https://launchpad.net/ubuntu/+source/coreutils/7.4-2ubuntu3.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQEcBAEBAgAGBQJUtwScAAoJEPMhclmdjS6XAXwH/AiSss8qAizo4hlfo6fjV+2F
YcGeLTWr/47fC590oJaoKor1xhCSiLCW5usJOhYVTUDfKUKjMoQqxDTIKiiiNRGR
dXsylOR4En/QpxwDWkTvuyIkIpAABui1mO3loTzD8oiaxwCmWAI4QubGUYdapAMP
ju2k5l8M9lt9aGrgBOgGNuFg8WCx54M7PO2N6I3Gq18u8DQEB8aEEdowJmMXKDJF
TW3LM96F4rEk5E9XmnIkhN2x9xpbM5YcfXcKAtQy4/hHGG0GE7cx/Y3QXXVXS7R3
ZrcuAgywZFsNMH4d4qgHwRni2SG/W7ko1WKifLL6a28npuxwCjmdS4tiqXc1UQk=
=OY1k
—–END PGP SIGNATURE—–

Top
More in Preporuke
Nadogradnja za Adobe Flash Player

Adobe je izdao nadogradnju za otklanjanje višestrukih kritičnih ranjivosti programskog paketa Adobe Flash Player. Otkrivene ranjivosti posljedica su neodgovarajuće provjere...

Close