Articles / Ubuntu

All articles tagged with Ubuntu

October 30, 2011 09:02 Ubuntu: New Nova packages fix security vulnerabilities

An information leak was discovered in Nova. An attacker with access to a valid EC2_ACCESS_KEY could obtain the corresponding EC2_SECRET_KEY for that user. Updated packages are available from security.ubuntu.com.

October 30, 2011 09:00 Ubuntu: New Linux packages fix security vulnerabilities

Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service.

Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload. Timo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.

Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user.

Updated packages are available from security.ubuntu.com.

October 30, 2011 08:56 Ubuntu: New Puppet packages fix security vulnerabilities

It was discovered that Puppet incorrectly handled the non-default “certdnsnames” option when generating certificates. If this setting was added to puppet.conf, the puppet master’s DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master’s certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack. Updated packages are available from security.ubuntu.com.

October 28, 2011 09:22 Ubuntu: New PAM packages fix security vulnerabilities

Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. Stephane Chazelas discovered that the PAM pam_motd module incorrectly cleaned the environment during execution of the motd scripts. In certain environments, a local attacker could use this to execute arbitrary code as root, and gain privileges.

Updated packages are available from security.ubuntu.com.

October 26, 2011 09:21 Ubuntu: New Open-iSCSI packages fix security vulnerabilities

Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to overwrite arbitrary files with root privileges. Updated packages are available from security.ubuntu.com.

October 26, 2011 09:20 Ubuntu: New Linux packages fix security vulnerabilities

It was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets.

Updated packages are available from security.ubuntu.com.

October 24, 2011 06:51 Ubuntu: New acpid packages fix security vulnerabilities

Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service. Updated packages are available from security.ubuntu.com.

October 22, 2011 16:48 Ubuntu: New Kerberos packages fix security vulnerabilities

Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL pointer dereference in the KDC LDAP backend. An unauthenticated remote attacker could use this to cause a denial of service. Mark Deneen discovered that an assert() could be triggered in the krb5_ldap_lockout_audit() function in the KDC LDAP backend and the krb5_db2_lockout_audit() function in the KDC DB2 backend. An unauthenticated remote attacker could use this to cause a denial of service. It was discovered that a NULL pointer dereference could occur in the lookup_lockout_policy() function in the KDC LDAP and DB2 backends. An unauthenticated remote attacker could use this to cause a denial of service. Updated packages are available from security.ubuntu.com.

October 20, 2011 14:48 Ubuntu: New X.org packages fix security vulnerabilities

It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly read arbitrary data from the X server process. Vladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not.

Vladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information.

Updated packages are available from security.ubuntu.com.

October 20, 2011 14:46 Ubuntu: New PHP packages fix security vulnerabilities

Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function’s handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. It was discovered that the crypt function for blowfish does not properly handle 8-bit characters. This could make it easier for an attacker to discover a cleartext password containing an 8-bit character that has a matching blowfish crypt value.

It was discovered that PHP did not properly check the return values of the malloc(3), calloc(3) and realloc(3) library functions in multiple locations. This could allow an attacker to cause a denial of service via a NULL pointer dereference or possibly execute arbitrary code. Maksymilian Arciemowicz discovered that PHP did not properly implement the error_log function. This could allow an attacker to cause a denial of service via an application crash. Maksymilian Arciemowicz discovered that the ZipArchive functions addGlob() and addPattern() did not properly check their flag arguments. This could allow a malicious script author to cause a denial of service via application crash. It was discovered that the Zend opcode parser in PHP could be interrupted while handling the shift-left, shift-right, and bitwise-xor opcodes. This could allow a malicious script author to expose memory contents.

It was discovered that the strrchr function in PHP could be interrupted by a malicious script, allowing the exposure of memory contents.

Updated packages are available from security.ubuntu.com.

October 20, 2011 09:54 Ubuntu: New Quassel packages fix security vulnerabilities

An unprivileged user could read files in the data and logging directories, including an automatically generated SSL certificate, used by the quasselcore daemon. Updated packages are available from security.ubuntu.com.

October 18, 2011 09:04 Ubuntu: New PostgreSQL packages fix security vulnerabilities

It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort. Updated packages are available from security.ubuntu.com.

October 18, 2011 09:03 Red Hat: Updated kdelibs packages fix one security issue

The kdelibs packages provide libraries for the K Desktop Environment (KDE). An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. Updated packages are available from ftp.redhat.com.

October 18, 2011 08:58 Ubuntu: New Linux packages fix security vulnerabilities

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service.

Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.

Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload. The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service.

Timo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user.

Updated packages are available from security.ubuntu.com.

October 10, 2011 09:44 Ubuntu: New cifs-utils packages fix security vulnerabilities

Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Updated packages are available from security.ubuntu.com.

October 10, 2011 09:43 Ubuntu: New Samba packages fix security vulnerabilities

Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that Samba incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. This issue only affected Ubuntu 10.04 LTS. Dan Rosenberg discovered that Samba incorrectly handled the mtab lock file. A local attacker could use this issue to create a stale lock file, possibly leading to a denial of service. Updated packages are available from security.ubuntu.com.

October 08, 2011 08:15 Ubuntu: New Linux packages fix security vulnerabilities

Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges.

Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. Timo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user.

Updated packages are available from security.ubuntu.com.

October 08, 2011 08:14 Ubuntu: New rsyslog packages fix security vulnerabilities

It was discovered that rsyslog had an off-by-two error when parsing legacy syslog messages. An attacker could potentially exploit this to cause a denial of service via application crash. Updated packages are available from security.ubuntu.com.

October 08, 2011 08:08 Ubuntu: New Puppet packages fix security vulnerabilities

It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Updated packages are available from security.ubuntu.com.

October 06, 2011 06:50 Ubuntu: New mutt packages fix security vulnerabilities

It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server’s certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack. Updated packages are available from security.ubuntu.com.

October 06, 2011 06:50 Ubuntu: New Firefox packages fix security vulnerabilities

Researchers discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Ian Graham discovered that when multiple Location headers were present, Firefox would use the second one resulting in a possible CRLF injection attack. CRLF injection issues can result in a wide variety of attacks, such as XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and cookie theft.

Mariusz Mlynski discovered that if the user could be convinced to hold down the enter key, a malicious website could potentially pop up a download dialog and the default open action would be selected or lead to the installation of an arbitrary add-on. This would result in potentially malicious content being run with privileges of the user invoking Firefox. (CVE-2011-2372, CVE-2011-3001) Michael Jordon and Ben Hawkes discovered flaws in WebGL. If a user were tricked into opening a malicious page, an attacker could cause the browser to crash. It was discovered that Firefox did not properly free memory when processing ogg files. If a user were tricked into opening a malicious page, an attacker could cause the browser to crash.

David Rees and Aki Helin discovered problems in the JavaScript engine. An attacker could exploit these to crash the browser or potentially escalate privileges within the browser.

Updated packages are available from security.ubuntu.com.

October 06, 2011 06:48 Ubuntu: New Linux packages fix security vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities.

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.

Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges.

Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload. The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

October 04, 2011 19:24 Ubuntu: New Puppet packages fix security vulnerabilities

Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master. Updated packages are available from security.ubuntu.com.

October 01, 2011 00:16 Ubuntu: New Thunderbird packages fix security vulnerabili...

Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Mark Kaplan discovered an integer underflow in the SpiderMonkey JavaScript engine. An attacker could potentially use this to crash Thunderbird.

Ian Graham discovered that when multiple Location headers were present, Thunderbird would use the second one, resulting in a possible CRLF injection attack. CRLF injection issues can result in a wide variety of attacks, such as XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and cookie theft. Mariusz Mlynski discovered that if the user could be convinced to hold down the enter key, a malicious website or E-Mail could potentially pop up a download dialog and the default open action would be selected. This would result in potentially malicious content being run with privileges of the user invoking Thunderbird.

Updated packages are available from security.ubuntu.com.

October 01, 2011 00:13 Ubuntu: New Firefox packages fix security vulnerabilities

Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named “location” could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Mark Kaplan discovered an integer underflow in the SpiderMonkey JavaScript engine. An attacker could potentially use this to crash Firefox.

Ian Graham discovered that when multiple Location headers were present, Firefox would use the second one, resulting in a possible CRLF injection attack. CRLF injection issues can result in a wide variety of attacks, such as XSS (Cross-Site Scripting) vulnerabilities, browser cache poisoning, and cookie theft. Mariusz Mlynski discovered that if the user could be convinced to hold down the enter key, a malicious website could potentially pop up a download dialog and the default open action would be selected. This would result in potentially malicious content being run with privileges of the user invoking Firefox.

Updated packages are available from security.ubuntu.com.

September 26, 2011 06:12 Ubuntu: New APT packages fix security vulnerabilities

It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Updated packages are available from security.ubuntu.com.

September 26, 2011 06:10 Ubuntu: New GIMP packages fix security vulnerabilities

Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges. Updated packages are available from security.ubuntu.com.

September 25, 2011 08:14 Ubuntu: New Linux packages fix security vulnerabilities

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service.

It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.

The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. Updated packages are available from security.ubuntu.com.

September 23, 2011 11:38 Ubuntu: New FFmpeg packages fix security vulnerabilities

It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg incorrectly handled certain malformed APE files. If a user were tricked into opening a crafted APE file, an attacker could cause a denial of service via application crash.

Emmanouel Kellinis discovered that FFmpeg incorrectly handled certain malformed CAVS files. If a user were tricked into opening a crafted CAVS file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 23, 2011 11:36 Ubuntu: New libav packages fix security vulnerabilities

It was discovered that Libav incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Emmanouel Kellinis discovered that Libav incorrectly handled certain malformed CAVS files. If a user were tricked into opening a crafted CAVS file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.