5 matches found
CVE-2011-3154
CVE-2011-3154 affects Ubuntu Update Manager (DistUpgrade/DistUpgradeViewKDE.py) where temporary files are created insecurely, enabling a local user to read the attacker’s XAUTHORITY file via a symlink attack. The issue is documented in CVE-2011-3154 with affected versions prior to specific update...
Ubuntu: Security Advisory (USN-1284-2)
The remote host is missing an update for the...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : update-manager regression (USN-1284-2)
USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. David Black discovered that Update Manager incorrectly extracted the...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : update-manager vulnerabilities (USN-1284-1)
David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. CVE-2011-3152 David Black...
USN-1284-1: Update Manager vulnerabilities
David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. CVE-2011-3152 David Black...