UbuntuUpdates.org

Package "ubuntu-advantage-desktop-daemon"

Name: ubuntu-advantage-desktop-daemon

Description:

Daemon to allow access to ubuntu-advantage via D-Bus

Latest version: 1.11ubuntu0.1
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://github.com/canonical/ubuntu-advantage-desktop-daemon

Links


Download "ubuntu-advantage-desktop-daemon"


Other versions of "ubuntu-advantage-desktop-daemon" in Noble

Repository Area Version
base main 1.11
updates main 1.11ubuntu0.1

Changelog

Version: 1.11ubuntu0.1 2024-10-11 02:07:18 UTC

  ubuntu-advantage-desktop-daemon (1.11ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Pro client is called with attach parameter in plain text,
    allowing for potentially leak of private information. (LP: #2068944)
    - debian/patches/CVE-2024-6388.patch: Use a temporary file with 400
      permissions instead.
      https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24/
    - CVE-2024-6388

 -- Chris Kim <email address hidden> Fri, 04 Oct 2024 09:05:56 -0700

2068944 ubuntu-advantage-desktop-daemon (pro client in general) may expose the pro token to other users
CVE-2024-6388 Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the tok



About   -   Send Feedback to @ubuntu_updates