Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1366-1
Solution
Please install the updated packages.
Insight
Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0210)
Raphael Geissert discovered that debdiff did not properly sanitize its input when processing source packages. If debdiff processed an original source tarball with crafted filenames in the top-level directory, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0211)
Raphael Geissert discovered that debdiff did not properly sanitize its input when processing filename parameters. If debdiff processed a crafted filename parameter, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0212)
Affected
devscripts on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-0210, CVE-2012-0211, CVE-2012-0212
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C