USN-938-1: KDENetwork vulnerability


rss-bot
May 13th, 2010, 10:30 AM
Referenced CVEs:
CVE-2010-1000


Description:
===========================================================
Ubuntu Security Notice USN-938-1               May 13, 2010
kdenetwork vulnerability
CVE-2010-1000
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  kget                            4:4.2.2-0ubuntu2.3

Ubuntu 9.10:
  kget                            4:4.3.2-0ubuntu4.1

Ubuntu 10.04 LTS:
  kget                            4:4.4.2-0ubuntu4.1

After a standard system update you need to restart your session to make
all the necessary changes.

Details follow:

It was discovered that KGet did not properly perform input validation when
processing metalink files. If a user were tricked into opening a crafted
metalink file, a remote attacker could overwrite files via directory
traversal, which could eventually lead to arbitrary code execution.





More... (http://www.ubuntu.com/node/2316)
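
The kind of input validation the notice describes as missing, as an added example (not part of the advisory and not KGet's code). It assumes the Metalink 3.0 layout, where each <file> element carries the target name in its "name" attribute; the function names and the sample document are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: one benign entry and three that try to leave the download directory.
SAMPLE_METALINK = """<metalink version="3.0" xmlns="http://www.metalinker.org/">
  <files>
    <file name="iso/image.iso"><resources><url>http://mirror.example/1</url></resources></file>
    <file name="../../outside.txt"><resources><url>http://mirror.example/2</url></resources></file>
    <file name="/tmp/absolute.txt"><resources><url>http://mirror.example/3</url></resources></file>
    <file name="docs\\..\\..\\outside.txt"><resources><url>http://mirror.example/4</url></resources></file>
  </files>
</metalink>"""


def unsafe_reason(name):
    """Return why a metalink file name is unsafe, or None if it is a plain relative path."""
    if not name or "\x00" in name:
        return "empty or contains NUL"
    norm = name.replace("\\", "/")  # treat backslashes as separators as well
    if norm.startswith("/") or norm[1:2] == ":":
        return "absolute path"
    if ".." in norm.split("/"):
        return "parent-directory component"
    return None


def audit_metalink(xml_text):
    """List (name, reason) for every <file> element, whatever its XML namespace."""
    root = ET.fromstring(xml_text)
    return [(el.get("name", ""), unsafe_reason(el.get("name", "")))
            for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "file"]


def resolve_target(download_dir, name):
    """Map a validated name to a path under download_dir; raise ValueError otherwise."""
    reason = unsafe_reason(name)
    if reason:
        raise ValueError(f"rejected {name!r}: {reason}")
    base = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(base, *name.replace("\\", "/").split("/")))
    # Second layer: realpath follows symlinks, so a link inside the directory cannot escape it.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"rejected {name!r}: resolves outside {base}")
    return target


if __name__ == "__main__":
    for name, reason in audit_metalink(SAMPLE_METALINK):
        print(f"{name!r}: {reason or 'ok'}")
```

audit_metalink can be run over a metalink file before it is handed to a download manager; resolve_target shows the check a client would apply before writing each file.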