Ubuntu Security Notice 1366-1 - Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. Raphael Geissert discovered that debdiff did not properly sanitize its input when processing source packages. If debdiff processed an original source tarball, with crafted filenames in the top-level directory, an attacker could execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
40bfda9eabf67eda5f80bb688e78213248741ec5b1e9125cf6217c996c46b807
Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-1366-1
February 15, 2012
devscripts vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
debdiff, a part of devscripts, could be made to run programs as your login if
it opened a specially crafted file.
Software Description:
- devscripts: scripts to make the life of a Debian Package maintainer easier
Details:
Paul Wise discovered that debdiff did not properly sanitize its input when
processing .dsc and .changes files. If debdiff processed a crafted file, an
attacker could execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0210)
Raphael Geissert discovered that debdiff did not properly sanitize its input
when processing source packages. If debdiff processed an original source
tarball, with crafted filenames in the top-level directory, an attacker could
execute arbitrary code with the privileges of the user invoking the program.
(CVE-2012-0211)
Raphael Geissert discovered that debdiff did not properly sanitize its input
when processing filename parameters. If debdiff processed a crafted filename
parameter, an attacker could execute arbitrary code with the privileges of the
user invoking the program. (CVE-2012-0212)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
devscripts 2.11.1ubuntu3.1
Ubuntu 11.04:
devscripts 2.10.69ubuntu2.1
Ubuntu 10.10:
devscripts 2.10.67ubuntu1.1
Ubuntu 10.04 LTS:
devscripts 2.10.61ubuntu5.1
Ubuntu 8.04 LTS:
devscripts 2.10.11ubuntu5.8.04.5
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1366-1
CVE-2012-0210, CVE-2012-0211, CVE-2012-0212
Package Information:
https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.67ubuntu1.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.1
https://launchpad.net/ubuntu/+source/devscripts/2.10.11ubuntu5.8.04.5