Launchpad CVE tracker

CVE 2011-4409

The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.

Related bugs and status

CVE-2011-4409 (Candidate) is related to these bugs:

Bug #882062: ubuntuone-client doesn't validate ssl certificates

		In	Importance	Status
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-client (Ubuntu)	Medium	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One Client	High	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-client (Ubuntu Lucid)	Medium	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-client (Ubuntu Maverick)	Medium	Won't Fix
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-client (Ubuntu Precise)	Medium	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-client (Ubuntu Oneiric)	Medium	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-client (Ubuntu Natty)	Medium	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One storage protocol	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-storage-protocol (Ubuntu)	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-storage-protocol (Ubuntu Lucid)	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-storage-protocol (Ubuntu Maverick)	Undecided	Won't Fix
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-storage-protocol (Ubuntu Natty)	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-storage-protocol (Ubuntu Oneiric)	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-storage-protocol (Ubuntu Precise)	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-client (Ubuntu Quantal)	Medium	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	ubuntuone-storage-protocol (Ubuntu Quantal)	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One storage protocol stable-4-0	High	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One storage protocol trunk	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One storage protocol stable-2-0	Undecided	Won't Fix
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One storage protocol stable-3-0	High	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One storage protocol stable-1-2	Undecided	Won't Fix
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One storage protocol stable-1-6	Undecided	Won't Fix
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One Client stable-3-0	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One Client stable-4-0	Undecided	Fix Released
882062	ubuntuone-client doesn't validate ssl certificates	Ubuntu One Client trunk	High	Fix Released

Bug #988362: Doesn't support protobuf python cpp extension

		In	Importance	Status
988362	Doesn't support protobuf python cpp extension	Ubuntu One storage protocol	Medium	Fix Released
988362	Doesn't support protobuf python cpp extension	Ubuntu One storage protocol stable-4-0	Medium	Fix Released
988362	Doesn't support protobuf python cpp extension	Ubuntu One storage protocol trunk	Medium	Fix Released
988362	Doesn't support protobuf python cpp extension	ubuntuone-storage-protocol (Ubuntu)	Undecided	Fix Released
988362	Doesn't support protobuf python cpp extension	ubuntuone-storage-protocol (Ubuntu Quantal)	Undecided	Fix Released

Bug #1009573: package python-ubuntuone-client 1.2.2-0ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

Summary				In	Importance	Status
	1009573	package python-ubuntuone-client 1.2.2-0ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1		ubuntuone-client (Ubuntu)	High	Fix Released

Bug #1011666: Tests failing when ubuntuone-storage-protocol not already installed

		In	Importance	Status
1011666	Tests failing when ubuntuone-storage-protocol not already installed	Ubuntu One storage protocol	High	Fix Released
1011666	Tests failing when ubuntuone-storage-protocol not already installed	Ubuntu One storage protocol stable-4-0	High	Fix Released
1011666	Tests failing when ubuntuone-storage-protocol not already installed	Ubuntu One storage protocol trunk	High	Fix Released
1011666	Tests failing when ubuntuone-storage-protocol not already installed	ubuntuone-storage-protocol (Ubuntu)	Undecided	Fix Released
1011666	Tests failing when ubuntuone-storage-protocol not already installed	ubuntuone-storage-protocol (Ubuntu Quantal)	Undecided	Fix Released
1011666	Tests failing when ubuntuone-storage-protocol not already installed	Ubuntu One storage protocol stable-3-0	Undecided	Fix Released
1011666	Tests failing when ubuntuone-storage-protocol not already installed	ubuntuone-storage-protocol (Ubuntu Precise)	Undecided	Fix Released

Bug #1081144: [lucid] ubuntuone-preferences: SSL hostname validation failed

Summary				In	Importance	Status
	1081144	[lucid] ubuntuone-preferences: SSL hostname validation failed		Ubuntu One Client	Undecided	Won't Fix
	1081144	[lucid] ubuntuone-preferences: SSL hostname validation failed		ubuntuone-client (Ubuntu)	Medium	Won't Fix

See the

CVE page on Mitre.org for more details.

References

UBUNTU: USN-1465-1
UBUNTU: USN-1465-2
UBUNTU: USN-1465-3
BID: 53828
OSVDB: 82748
SECUNIA: 49442
XF: ubuntuoneclient-ssl-in...

Launchpad.net

CVE 2011-4409

Related bugs and status

Related bugs

References