CVE-2011-1842

Publication date 19 April 2011

Last updated 24 July 2024

dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
language-selector	11.04 natty	Fixed 0.33
	10.10 maverick	Fixed 0.6.7
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1115-1
language-selector vulnerability
19 April 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-1842