Ubuntu Security Notice USN-2746-2

Ubuntu Security Notice USN-2746-2: Posted Sep 26, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2746-2 - USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream. Various other issues were also addressed.; tags | advisory, remote; systems | linux, ubuntu; SHA-256 | 7b09a0d72f7034d833f88eb6791490c832b585167b9f3d5c9d54469a9097fe5c; Download | Favorite | View

Ubuntu Security Notice USN-2746-2

============================================================================
Ubuntu Security Notice USN-2746-2
September 25, 2015

simplestreams regression
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

USN-2746-1 introduced a regression in Simple Streams.

Software Description:
- simplestreams: Library and tools for using Simple Streams data

Details:

USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a
regression preventing MAAS from downloading PXE images. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that Simple Streams did not properly perform gpg
 verification in some situations. A remote attacker could use this to
 perform a man-in-the-middle attack and inject malicious content into
 the stream.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  python-simplestreams            0.1.0~bzr354-0ubuntu1.15.04.2
  python-simplestreams-openstack  0.1.0~bzr354-0ubuntu1.15.04.2
  python3-simplestreams           0.1.0~bzr354-0ubuntu1.15.04.2
  simplestreams                   0.1.0~bzr354-0ubuntu1.15.04.2

Ubuntu 14.04 LTS:
  python-simplestreams            0.1.0~bzr341-0ubuntu2.3
  python-simplestreams-openstack  0.1.0~bzr341-0ubuntu2.3
  python3-simplestreams           0.1.0~bzr341-0ubuntu2.3
  simplestreams                   0.1.0~bzr341-0ubuntu2.3

After a standard system update you need to restart any services that
make use of python-simplestreams or python3-simplestreams to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2746-2
  http://www.ubuntu.com/usn/usn-2746-1
  https://launchpad.net/bugs/1499749

Package Information:
  https://launchpad.net/ubuntu/+source/simplestreams/0.1.0~bzr354-0ubuntu1.15.04.2
  https://launchpad.net/ubuntu/+source/simplestreams/0.1.0~bzr341-0ubuntu2.3

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 67 files
Debian 24 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,011)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,194)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,437)
UNIX (9,390)
UnixWare (187)
Windows (6,649)
Other

Ubuntu Security Notice USN-2746-2

Ubuntu Security Notice USN-2746-2

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-2746-2

Share This

Ubuntu Security Notice USN-2746-2

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems