USN-1115-1: language-selector vulnerability
19 April 2011
language-selector vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Summary
Local users could gain root access via the language-selector.
Software Description
- language-selector - Language selector for Ubuntu Linux
Details
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 10.10
- language-selector-common - 0.6.7
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.