USN-1115-1: language-selector vulnerability

19 April 2011

language-selector vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10

Summary

Local users could gain root access via the language-selector.

Software Description

  • language-selector - Language selector for Ubuntu Linux

Details

Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
language-selector-common - 0.6.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References