Articles / Ubuntu: New language-select…

Ubuntu: New language-selector packages fix security vulnerabilities

Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Updated packages are available from security.ubuntu.com.

==========================================================================
Ubuntu Security Notice USN-1115-1
April 19, 2011

language-selector vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Local users could gain root access via the language-selector.

Software Description:
- language-selector: Language selector for Ubuntu Linux

Details:

Romain Perier discovered that the language-selector D-Bus backend did not
correctly check for Policy Kit authorizations. A local attacker could exploit
this to inject shell commands into the system-wide locale configuration file,
leading to root privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
 language-selector-common        0.6.7

In general, a standard system update will make all the necessary changes.

References:
 CVE-2011-0729

Package Information:
 https://launchpad.net/ubuntu/+source/language-selector/0.6.7
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.