Ubuntu Security Notice 1464-1 - It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
289394b386becc411d1da7e03909df1856271f711709c51b346d29cd31c165ae
============================================================================
Ubuntu Security Notice USN-1464-1
June 06, 2012
ubuntu-sso-client vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software Description:
- ubuntu-sso-client: Ubuntu Single Sign-On client
Details:
It was discovered that the Ubuntu Single Sign On Client incorrectly
validated server certificates when using HTTPS connections. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could
be exploited to alter or compromise confidential information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
ubuntu-sso-client 1.4.1-0ubuntu1.1
Ubuntu 11.04:
ubuntu-sso-client 1.2.1-0ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1464-1
CVE-2011-4408
Package Information:
https://launchpad.net/ubuntu/+source/ubuntu-sso-client/1.4.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/ubuntu-sso-client/1.2.1-0ubuntu2.1