USN-1115-1: language-selector vulnerability
19 April 2011
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Local users could gain root access via the language-selector.
- language-selector - Language selector for Ubuntu Linux
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.