Ubuntu Security Notice 88-1

Ubuntu Security Notice 88-1: Posted Feb 28, 2005; Authored by Ubuntu, Rolf Leggewie | Site ubuntu.com; Ubuntu Security Notice USN-88-1 - A couple information disclosure bugs were found in reportbug.; tags | advisory, info disclosure; systems | linux, ubuntu; SHA-256 | 88822ae6d05ef8778f0a952993a97af640a6b96d9e567db0404ddd54daceed2f; Download | Favorite | View

Ubuntu Security Notice 88-1


--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-88-1      February 28, 2005
reportbug information disclosure
https://bugzilla.ubuntulinux.org/6600
https://bugzilla.ubuntulinux.org/6717
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

reportbug

The problem can be corrected by upgrading the affected package to
version 2.62ubuntu1.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes. However, if your users
already have ~/.reportbugrc files with SMTP passwords, you need to
manually change their permissions with

  chmod 600 .reportbugrc

Details follow:

Rolf Leggewie discovered two information disclosure bugs in reportbug.

The per-user configuration file ~/.reportbugrc was created
world-readable. If it contained email smarthost passwords, these were
readable by any other user on the computer storing the home directory.

reportbug usually includes the settings from ~/.reportbugrc in
generated bug reports. This included the "smtppasswd" setting (the
password for an SMTP email smarthost) as well. The password is
now hidden from reports.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1.dsc
      Size/MD5:      540 19dab43ca7c942311e87ad5e48e32a39
    http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1.tar.gz
      Size/MD5:   115256 9b3fbec6a6974274068afb08835f0fdc

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/r/reportbug/reportbug_2.62ubuntu1.1_all.deb
      Size/MD5:   104630 f051c98020dffd1e8ae3253ab72e88ce

--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCIxQUDecnbV4Fd/IRAlnwAJ4j/xMI8mW70dZDcaz6x/B8V2eQ8gCgxhav
qvRVz/h+cPFQHxNgkt26/OY=
=KcxW
-----END PGP SIGNATURE-----

--+QahgC5+KEYLbs62--

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Ubuntu Security Notice 88-1

Ubuntu Security Notice 88-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice 88-1

Share This

Ubuntu Security Notice 88-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems