Your submission was sent successfully! Close

USN-1115-1: language-selector vulnerability

19 April 2011

Local users could gain root access via the language-selector.

Releases

Packages

Details

Romain Perier discovered that the language-selector D-Bus backend did not
correctly check for Policy Kit authorizations. A local attacker could exploit
this to inject shell commands into the system-wide locale configuration file,
leading to root privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10

In general, a standard system update will make all the necessary changes.