Canonical Closes Swift Exploit in Ubuntu 14.04 LTS

Users have been asked to upgrade their systems as soon as possible

  Ubuntu 14.04 LTS
Canonical published details in a security notice about a Swift vulnerability in Ubuntu 14.04 LTS (Trusty Tahr) that has been found and repaired.

Canonical published details in a security notice about a Swift vulnerability in Ubuntu 14.04 LTS (Trusty Tahr) that has been found and repaired.

The Ubuntu developers have repaired another vulnerability, but this time it was only for their latest Ubuntu 14.04 version. The other supported Ubuntu OSes haven't been affected by this issue.

According to the security notice, “JJohn Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.”

For a more detailed description of the problems, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue.

The flaw can be fixed if you upgrade your system(s) to the latest python-swift package specific to each distribution. To apply the patch, users can simply run the Update Manager application.

In general, a standard system update will make all the necessary changes and you won't have to restart the system.

Comments