Ubuntu Security Notification for Bzr Vulnerability (USN-3411-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It discovered that Bazaar did not properly handle host names in ‘bzr+ssh://’ URLs.

漏洞危害

A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user.

解决方案

Refer to Ubuntu advisory USN-3411-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3411-1: 16.04 (Xenial) on src (bzr)

USN-3411-1: 14.04 (Kylin) on src (python-bzrlib)

USN-3411-1: 17.04 (zesty) on src (bzr)

USN-3411-1: 17.04 (zesty) on src (python-bzrlib)

USN-3411-1: 16.04 (Xenial) on src (python-bzrlib)

USN-3411-1: 14.04 (Kylin) on src (bzr)

Leave a Reply