Ubuntu alert USN-1115-1 (language-selector)

From:
    	     
 
Kees Cook <kees@ubuntu.com> 
To:
    	     
 
ubuntu-security-announce@lists.ubuntu.com 
Subject:
    	     
 
[USN-1115-1] language-selector vulnerability 
Date:
    	     
 
Tue, 19 Apr 2011 11:40:21 -0700
Message-ID:
    	     
 
<20110419184021.GY4800@outflux.net>
Cc:
    	     
 
full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Archive‑link:
 
        	
Article
==========================================================================
Ubuntu Security Notice USN-1115-1
April 19, 2011

language-selector vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Local users could gain root access via the language-selector.

Software Description:
- language-selector: Language selector for Ubuntu Linux

Details:

Romain Perier discovered that the language-selector D-Bus backend did not
correctly check for Policy Kit authorizations. A local attacker could exploit
this to inject shell commands into the system-wide locale configuration file,
leading to root privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  language-selector-common        0.6.7

In general, a standard system update will make all the necessary changes.

References:
  CVE-2011-0729

Package Information:
  https://launchpad.net/ubuntu/+source/language-selector/0.6.7

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...