CVE-2012-0948

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for 1 apt-clonesystemstate.tar.gz and 2 systemstate.tar.gz, which allows local users to obtain repository credentials...

CVE-2012-0948

CVE-2012-0948 affects Ubuntu’s Update Manager (DistUpgrade/DistUpgradeMain.py) used in Ubuntu 12.04 LTS, 11.10, and 11.04. The vulnerability arises from weak permissions on two archive files (apt-clone_system_state.tar.gz and system_state.tar.gz), allowing local users to read repository credentia...

USN-1443-2: Update Manager vulnerability

USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Original advisory details: Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad...

CVE-2012-0950

The Apport hook DistUpgradeApport.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...

CVE-2012-0949

The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...

Design/Logic Flaw

The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...

CVE-2012-0949

The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...

CVE-2012-0949

CVE-2012-0949 affects the Ubuntu Update Manager Apport hook (DistUpgradeApport.py) used in Ubuntu 12.04 LTS, 11.10 and 11.04. The vulnerability arises when reporting bugs to Launchpad, where certain system state archive files could be uploaded, allowing remote attackers to read repository credent...

Ubuntu Update for update-manager USN-1443-1

Ubuntu Update for Linux kernel vulnerabilities USN-1443-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for update-manager USN-1443-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.n...

Ubuntu: Security Advisory (USN-1443-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 11.04 / 11.10 / 12.04 LTS : update-manager vulnerabilities (USN-1443-1)

It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. CVE-2012-0948 Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain...

CVE-2012-0949

The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...

CVE-2012-0948

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for 1 apt-clonesystemstate.tar.gz and 2 systemstate.tar.gz, which allows local users to obtain repository credentials...

Ubuntu: Security Advisory (USN-1283-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1283-1: APT vulnerability

It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. CVE-2011-3634...