News

=========================================================== Ubuntu Security Notice USN-247-1 February 09, 2006 heimdal vulnerability CVE-2006-0582 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: heimdal-servers The problem can be corrected by upgrading the affected package to version 0.6.2-3ubuntu0.2 (for Ubuntu 4.10), 0.6.3-7ubuntu1.2 (for Ubuntu 5.04), or 0.6.3-11ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the 'universe' component of the archive). However, this affects you if you use a customized version built from the heimdal source package (which is supported).