Articles / Ubuntu

All articles tagged with Ubuntu

August 06, 2011 15:11 Ubuntu: New Thunderbird packages fix security vulnerabili...

0

Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Thunderbird or execute arbitrary code with the privileges of the user invoking Thunderbird. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Thunderbird or execute arbitrary code with the privileges of the user invoking Thunderbird.

Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Thunderbird. Multiple use-after-free vulnerabilities were discovered. An attacker could potentially use these to execute arbitrary code with the privileges of the user invoking Thunderbird. David Chan discovered that cookies did not honor same-origin conventions. This could potentially lead to cookie data being leaked to a third party.

Updated packages are available from security.ubuntu.com.

August 06, 2011 15:09 Ubuntu: New Linux packages fix security vulnerabilities

0

Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy.

Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service.

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

August 05, 2011 13:02 Ubuntu: New Linux packages fix security vulnerabilities

0

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy.

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service.

Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service.

Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If a system was using X.25, a remote attacker could exploit this to crash the system, leading to a denial of service. Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker could make a specially crafted socket call to crash the system, leading to a denial of service. Dave Jones discovered that the mprotect system call did not correctly handle merged VMAs. A local attacker could exploit this to crash the system, leading to a denial of service.

Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service.

Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. A local attacker could exploit this to allocate all available kernel memory, leading to a denial of service. It was discovered that named pipes did not correctly handle certain fcntl calls. A local attacker could exploit this to crash the system, leading to a denial of service. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. If a local attacker were able to trigger certain kinds of kernel bugs, they could create a specially crafted process to gain root privileges.

Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this crash the system or gain root privileges.

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges.

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service.

Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit.

It was discoverd that transparent huge page support did not correctly handle temporary stacks. A local attacker could exploit this to crash the system, leading to a denial of service. Timo Warns discovered that MAC partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system or potentially gain root privileges. Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service.

Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. Marek Olšák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges.

Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system. It was discovered that the key-based DNS resolver did not correctly handle certain error states. A local attacker could exploit this to crash the system, leading to a denial of service. Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would hang the system, leading to a denial of service.

Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would consume large amounts of CPU, leading to a denial of service. Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy.

Dan Rosenberg discovered that some ALSA drivers did not correctly check the adapter index during ioctl calls. If this driver was loaded, a local attacker could make a specially crafted ioctl call to gain root privileges. Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy.

Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service.

Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service.

Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. Updated packages are available from security.ubuntu.com.

August 05, 2011 13:01 Ubuntu: New APT packages fix security vulnerabilities

0

William Grant discovered that APT incorrectly validated inline GPG signatures. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Updated packages are available from security.ubuntu.com.

August 04, 2011 11:16 Ubuntu: New OProfile packages fix security vulnerabilities

0

Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the –save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

August 03, 2011 08:11 Ubuntu: New qemu-kvm packages fix security vulnerabilities

0

Nelson Elhage discoverd that QEMU did not properly validate certain virtqueue requests from the guest. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Stefan Hajnoczi discovered that QEMU did not properly perform integer comparisons when performing virtqueue input validation. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

August 03, 2011 08:09 Ubuntu: New bind packages fix security vulnerabilities

0

It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

July 27, 2011 13:37 Ubuntu: New Linux packages fix security vulnerabilities

0

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges.

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service.

Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit.

Timo Warns discovered that MAC partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system or potentially gain root privileges. Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges.

Marek Olšák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system.

Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would hang the system, leading to a denial of service. Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would consume large amounts of CPU, leading to a denial of service. Dan Rosenberg discovered that some ALSA drivers did not correctly check the adapter index during ioctl calls. If this driver was loaded, a local attacker could make a specially crafted ioctl call to gain root privileges.

Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service.

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. Updated packages are available from security.ubuntu.com.

July 26, 2011 20:08 Ubuntu: New curl packages fix security vulnerabilities

0

Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client’s security credential. Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount of callback data sent to an application that requests automatic decompression. This might allow an attacker to cause a denial of service via an application crash or possibly execute arbitrary code with the privilege of the application. Updated packages are available from security.ubuntu.com.

July 26, 2011 20:05 Ubuntu: New Firefox packages fix security vulnerabilities

0

Multiple memory vulnerabilities were discovered in the Firefox rendering engine. An attacker could possibly execute arbitrary code with the privileges of the user invoking Firefox. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox.

Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability in JavaScript Arrays. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that Firefox’s WebGL textures did not honor same-origin policy. If a user were tricked into viewing a malicious site, an attacker could potentially view image data from a different site. Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL code. An attacker could potentially read data that other processes had stored in the GPU. Christoph Diehl discovered an invalid write vulnerability in WebGL code. An attacker could potentially use this to execute arbitrary code with the privileges of the user invoking Firefox. It was discovered that an unauthorized site could trigger an installation dialog for addons and themes. If a user were tricked into viewing a malicious site, an attacker could possibly trick the user into installing a malicious addon or theme.

Mario Heiderich discovered a vulnerability in displaying decoded HTML-encoded entities inside SVG elements. An attacker could utilize this to perform cross-site scripting attacks. Updated packages are available from security.ubuntu.com.

July 25, 2011 14:55 Ubuntu: New NBD packages fix security vulnerabilities

0

It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code. Updated packages are available from security.ubuntu.com.

July 25, 2011 14:53 Ubuntu: New tgt packages fix security vulnerabilities

0

It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. Updated packages are available from security.ubuntu.com.

July 24, 2011 15:03 Ubuntu: New libxml2 packages fix security vulnerabilities

0

Chris Evans discovered that libxml2 incorrectly handled memory allocation. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. Updated packages are available from security.ubuntu.com.

July 24, 2011 15:02 Ubuntu: New libvirt packages fix security vulnerabilities

0

It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing. A privileged attacker in the guest could exploit this to read arbitrary files on the host. Updated packages are available from security.ubuntu.com.

July 23, 2011 11:48 Ubuntu: New Nagios packages fix security vulnerabilities

0

Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Updated packages are available from security.ubuntu.com.

July 22, 2011 14:57 Ubuntu: New GIMP packages fix security vulnerabilities

0

Nils Philippsen discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges. Updated packages are available from security.ubuntu.com.

July 22, 2011 14:56 Ubuntu: New libmodplug packages fix security vulnerabilities

0

It was discovered that libmodplug did not correctly handle certain malformed S3M media files. If a user or automated system were tricked into opening a crafted S3M file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed ABC media files. If a user or automated system were tricked into opening a crafted ABC file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

July 21, 2011 15:45 Ubuntu: New QEMU packages fix security vulnerabilities

0

It was discovered that QEMU did not properly perform validation of I/O operations from the guest which could lead to heap corruption. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Nelson Elhage discoverd that QEMU did not properly handle memory when removing ISA devices. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. When using QEMU with libvirt or virtualization management software based on libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated by an AppArmor profile by default in Ubuntu. Updated packages are available from security.ubuntu.com.

July 21, 2011 15:43 Ubuntu: New Linux packages fix security vulnerabilities

0

Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service.

Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

July 12, 2011 19:50 Ubuntu: New Subversion packages fix security vulnerabilities

0

Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain baselined WebDAV resource requests. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service. Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests. A remote attacker could use this flaw to cause the service to consume all available resources, leading to a denial of service. Kamesh Jayachandran discovered that the Subversion mod_dav_svn module for Apache did not properly handle access control in certain situations. A remote user could use this flaw to gain access to files that would otherwise be unreadable. Updated packages are available from security.ubuntu.com.

July 09, 2011 15:28 Ubuntu: New Dovecot packages fix security vulnerabilities

0

It was discovered that the message header parser in Dovecot did not properly handle ‘\0’ characters in header names. This could allow a remote attacker to cause a denial of service through a crafted email message by crashing the Dovecot daemon or corrupting mailboxes. Updated packages are available from security.ubuntu.com.

July 09, 2011 14:25 Ubuntu: New GDM packages fix security vulnerabilities

0

Henne Vogelsang discovered that under certain PolicyKit configurations, GDM could be made to launch a browser. A local attacker could exploit this to gain access to files with the privileges of the gdm user. PolicyKit is not configured in this manner in Ubuntu by default. Updated packages are available from security.ubuntu.com.

July 01, 2011 08:45 Ubuntu: New Linux kernel packages fix security vulnerabil...

0

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service.

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges.

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service.

Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. Timo Warns discovered that MAC partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system or potentially gain root privileges.

Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. Marek Olšák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory.

Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system. Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would hang the system, leading to a denial of service. Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would consume large amounts of CPU, leading to a denial of service.

Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. Updated packages are available from security.ubuntu.com.

June 29, 2011 05:38 Ubuntu: New PAM packages fix security vulnerabilities

0

Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. Updated packages are available from security.ubuntu.com.

June 29, 2011 05:35 Ubuntu: New Bind packages fix security vulnerabilities

0

It was discovered that Bind incorrectly handled certain bad signatures if multiple trust anchors existed for a single zone. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. Frank Kloeker and Michael Sinatra discovered that Bind incorrectly handled certain very large RRSIG RRsets included in negative responses. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

June 28, 2011 05:22 Ubuntu: New DBus-GLib packages fix security vulnerabilities

0

It was discovered that DBus-GLib did not properly verify the access flag of exported GObject properties under certain circumstances. A local attacker could exploit this to bypass intended access restrictions or possibly cause a denial of service. Updated packages are available from security.ubuntu.com.

June 28, 2011 05:14 Ubuntu: New Eucalyptus packages fix security vulnerabilities

0

Juraj Somorovsky, Jorg Schwenk, Meiko Jensen and Xiaofeng Lou discovered that Eucalyptus did not properly validate SOAP requests. An unauthenticated remote attacker could exploit this to submit arbitrary commands to the Eucalyptus SOAP interface in the context of an authenticated user. Updated packages are available from security.ubuntu.com.

June 27, 2011 09:40 Ubuntu: New Cyrus IMAP packages fix security vulnerabilities

0

It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place. Updated packages are available from security.ubuntu.com.

June 27, 2011 09:38 Ubuntu: New Exim packages fix security vulnerabilities

0

It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user. Updated packages are available from security.ubuntu.com.

June 27, 2011 09:38 Ubuntu: New rdesktop packages fix security vulnerabilities

0

It was discovered that rdesktop incorrectly handled specially crafted paths when using disk redirection. If a user were tricked into connecting to a malicious server, an attacker could access arbitrary files on the user’s filesystem. Updated packages are available from security.ubuntu.com.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.