USN-847-2: devscripts vulnerability

http://www.ubuntu.com

Referenced CVEs: CVE-2009-2946

Description:

===========================================================
Ubuntu Security Notice USN-847-2           October 09, 2009
devscripts vulnerability
CVE-2009-2946
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  devscripts 2.9.10-0ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS.

Original advisory details:

Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.