Ubuntu Security Notice USN-2746-2

Ubuntu Security Notice USN-2746-2: Posted Sep 26, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2746-2 - USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream. Various other issues were also addressed.; tags | advisory, remote; systems | linux, ubuntu; SHA-256 | 7b09a0d72f7034d833f88eb6791490c832b585167b9f3d5c9d54469a9097fe5c; Download | Favorite | View

Ubuntu Security Notice USN-2746-2

============================================================================
Ubuntu Security Notice USN-2746-2
September 25, 2015

simplestreams regression
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

USN-2746-1 introduced a regression in Simple Streams.

Software Description:
- simplestreams: Library and tools for using Simple Streams data

Details:

USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a
regression preventing MAAS from downloading PXE images. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Simple Streams did not properly perform gpg
 verification in some situations. A remote attacker could use this to
 perform a man-in-the-middle attack and inject malicious content into
 the stream.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  python-simplestreams            0.1.0~bzr354-0ubuntu1.15.04.2
  python-simplestreams-openstack  0.1.0~bzr354-0ubuntu1.15.04.2
  python3-simplestreams           0.1.0~bzr354-0ubuntu1.15.04.2
  simplestreams                   0.1.0~bzr354-0ubuntu1.15.04.2

Ubuntu 14.04 LTS:
  python-simplestreams            0.1.0~bzr341-0ubuntu2.3
  python-simplestreams-openstack  0.1.0~bzr341-0ubuntu2.3
  python3-simplestreams           0.1.0~bzr341-0ubuntu2.3
  simplestreams                   0.1.0~bzr341-0ubuntu2.3

After a standard system update you need to restart any services that
make use of python-simplestreams or python3-simplestreams to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2746-2
  http://www.ubuntu.com/usn/usn-2746-1
  https://launchpad.net/bugs/1499749

Package Information:
  https://launchpad.net/ubuntu/+source/simplestreams/0.1.0~bzr354-0ubuntu1.15.04.2
  https://launchpad.net/ubuntu/+source/simplestreams/0.1.0~bzr341-0ubuntu2.3

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 139 files
Ubuntu 79 files
Gentoo 33 files
Debian 26 files
Sebastian Hamann 8 files
Jann Horn 7 files
Google Security Research 6 files
Moritz Abrell 6 files
Jaggar Henry 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,941)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,657)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

Ubuntu Security Notice USN-2746-2

Ubuntu Security Notice USN-2746-2

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-2746-2

Share This

Ubuntu Security Notice USN-2746-2

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems