You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa lintian

Sigurnosni nedostatak programskog paketa lintian

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-3310-1
June 06, 2017

lintian vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.10
– Ubuntu 16.04 LTS

Summary:

lintian could be made to run programs if it processed a specially crafted
package.

Software Description:
– lintian: Debian package checker

Details:

Jakub Wilk discovered that lintian incorrectly handled deserializing
certain YAML files. If a user or automated system were tricked into running
lintian on a specially crafted package, a remote attacker could possibly
use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
lintian 2.5.50.1ubuntu0.1

Ubuntu 16.10:
lintian 2.5.48ubuntu0.1

Ubuntu 16.04 LTS:
lintian 2.5.43ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3310-1
CVE-2017-8829

Package Information:
https://launchpad.net/ubuntu/+source/lintian/2.5.50.1ubuntu0.1
https://launchpad.net/ubuntu/+source/lintian/2.5.48ubuntu0.1
https://launchpad.net/ubuntu/+source/lintian/2.5.43ubuntu0.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJZNs/gAAoJEGVp2FWnRL6TNjsP/29E5Rw2YFWuCcDL4B4ISb9w
4ZJazYnYMJJtUcD4z9G1TLWLDd4nXWxPueKefT9aXdeL/viNcS7r4S/IICQ6vMRh
mYv/QEAbvUdczGHFOqe35m6cNwQxLweL5lmmanlvK43TAE095Nn1hrGAcWRnbzlP
9CEdKhjtKTKivQVEHCaFg+9iyac6j3uSreQOGrjt3ExEWQOirb8hlbXSubVi41F0
OEOpeFBjWylQbpsNpgriBKSClZN3UzeTiX0QSiUZM4qIrJC5WxxQRB7Xg9u7sv5u
YMXBXpsR6N0Ffwbj+JugGonvsUHrr3k82cSh0Y06ggt/mz7/lpHdwEBqUZ7nYlwC
OA5BCgHeFDNF6FV0JmIpgfURyQKM0eIG7rEbYirkGl1TKEKKyzuMnZvRTsFXFOci
QTHu2wEAMnPqS9hnFEmHoUJbbbg7Xmk+lpdXu/eWaAmfRoxpdowElmqSsMES0IK5
RiPiHreSTT83zrm/qKY9kSOqrY1TFZqV6AA9EpSCl9k9sCVfGbJunUYanJuMDaUs
bg5B2OlRsKFfo/olp+ZvrpZcxQitp9ueroFyPNu1MlWuLS6cZxoDB0bExArN9iyw
7TZbhMBec4qvmT2NJA4w6T/h2jnBCgH4sLZ8fuXmFPUz5pTAVaH8vrgzNj0GSrjW
nqJIkAq7wALj2faVHDyO
=8D6N
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa minicom

Otkriven je sigurnosni nedostatak u programskom paketu minicom za operacijski sustav Gentoo. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izvršavanje proizvoljnog...

Close