rss-bot
March 10th, 2009, 01:10 PM
Referenced CVEs:
CVE-2009-0854
Description:
================================================== ========= Ubuntu Security Notice USN-732-1 March 10, 2009 dash vulnerability CVE-2009-0854 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: dash 0.5.4-8ubuntu1.1 Ubuntu 8.10: dash 0.5.4-9ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would source .profile files from the current directory. Local users may be able to bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users.
More... (http://www.ubuntu.com/usn/USN-732-1)
CVE-2009-0854
Description:
================================================== ========= Ubuntu Security Notice USN-732-1 March 10, 2009 dash vulnerability CVE-2009-0854 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: dash 0.5.4-8ubuntu1.1 Ubuntu 8.10: dash 0.5.4-9ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would source .profile files from the current directory. Local users may be able to bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users.
More... (http://www.ubuntu.com/usn/USN-732-1)