*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
In dropdown list "Authentication mode" there is a critical translation mistake. The command name "su" is interpreted by Pootle as a Sudan language. A novice may not correctly understand the list and can make an incorrect choice that will cause serious system damages or security vulnerabilities. Incorrectly used root privilages may be a good gate for viruses and atackers. I see this mistake in Ukrainian but it maybe the same in different languages. So I did not write directly to Ukrainian developer (Danilo) but send to bugs.lounchpad.net with security group notification. Please verify localizations to prevent great problems. I included a warning to http://askubuntu.com/questions/284306/why-is-gksu-no-longer-installed- by-default-in-13-04/284717#284717 But it can not be a 100% protection. ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: gksu 2.0.2-6ubuntu2 ProcVersionSignature: Ubuntu 3.8.0-21.32-generic 3.8.8 Uname: Linux 3.8.0-21-generic x86_64 NonfreeKernelModules: wl nvidia ApportVersion: 2.9.2-0ubuntu8 Architecture: amd64 Date: Fri May 24 00:55:22 2013 InstallationDate: Installed on 2013-05-19 (4 days ago) InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424) MarkForUpload: True ProcEnviron: TERM=xterm PATH=(custom, no username) XDG_RUNTIME_DIR=<set> LANG=uk_UA.UTF-8 SHELL=/bin/bash SourcePackage: gksu UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: gksu (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug raring -- Critical translation mistake of "Authentication mode" list in localized gksu-properties (su ->Sudan Language) may cause incorrect choice causing system damages and security vulnerabilities https://bugs.launchpad.net/bugs/1183593 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
