First published: Thu Oct 03 2013(Updated: )
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ubuntu Developers Language-selector | =0.79 | |
Ubuntu Developers Language-selector | =0.79.1 | |
Ubuntu Developers Language-selector | =0.79.2 | |
Ubuntu Developers Language-selector | =0.79.3 | |
Ubuntu Developers Language-selector | =0.90 | |
Ubuntu Developers Language-selector | =0.110 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =12.10 | |
Canonical Ubuntu Linux | =13.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.