All articles tagged with Ubuntu

October 27, 2010 04:19 Ubuntu: New Firefox packages fix security vulnerability

Various flaws were discovered in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri Gribenko discovered that Firefox did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. Updated packages are available from security.ubuntu.com.

October 27, 2010 04:18 Ubuntu: New NSS packages fix security vulnerability

Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use too small a key length. Updated packages are available from security.ubuntu.com.

October 20, 2010 06:28 Ubuntu: New Linux kernel packages fix security vulnerability

Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. Suresh Jayaraman discovered that CIFS did not correctly validate certain response packets. Ben Hutchings discovered that the ethtool interface did not correctly check certain sizes. James Chapman discovered that L2TP did not correctly evaluate checksum capabilities. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Bob Peterson discovered that GFS2 rename operations did not correctly validate certain sizes. Eric Dumazet discovered that many network functions could leak kernel stack contents. Sergey Vlasov discovered that JFS did not correctly handle certain extended attributes. Tavis Ormandy discovered that the IRDA subsystem did not correctly shut down. Brad Spengler discovered that the wireless extensions did not correctly validate certain request sizes. Tavis Ormandy discovered that the session keyring did not correctly check for its parent. Kees Cook discovered that the V4L1 32bit compat interface did not correctly validate certain parameters. Toshiyuki Okajima discovered that ext4 did not correctly check certain parameters. Tavis Ormandy discovered that the AIO subsystem did not correctly validate certain parameters. Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack contents. Tavis Ormandy discovered that the OSS sequencer device did not correctly shut down. Dan Rosenberg discovered that the ROSE driver did not correctly check parameters. Thomas Dreibholz discovered that SCTP did not correctly handle appending packet chunks. Dan Rosenberg discovered that the CD driver did not correctly check parameters.
Dan Rosenberg discovered that the Sound subsystem did not correctly validate parameters. Dan Rosenberg discovered that SCTP did not correctly handle HMAC calculations. Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. Updated packages are available from security.ubuntu.com.

October 20, 2010 06:21 Ubuntu: New poppler packages fix security vulnerability

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

October 20, 2010 06:20 Ubuntu: New WebKit packages fix security vulnerability

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Updated packages are available from security.ubuntu.com.

October 20, 2010 06:18 Ubuntu: New Django packages fix security vulnerability

It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Updated packages are available from security.ubuntu.com.

October 13, 2010 05:57 Ubuntu: New OpenSSL packages fix security vulnerability

It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Updated packages are available from security.ubuntu.com.

October 13, 2010 05:57 Ubuntu: New PostgreSQL packages fix security vulnerability

It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation. Updated packages are available from security.ubuntu.com.

October 13, 2010 05:53 Ubuntu: New LVM2 packages fix security vulnerability

The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster. Updated packages are available from security.ubuntu.com.

October 06, 2010 06:42 Ubuntu: New Kerberos packages fix security vulnerability

Mike Roszkowski discovered that the Kerberos KDC did not correctly validate the contents of certain messages. If an authenticated remote attacker sent specially crafted TGS requests, the KDC service would crash, leading to a denial of service. Updated packages are available from security.ubuntu.com.

October 06, 2010 06:33 Ubuntu: New Avahi packages fix security vulnerability

It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. It was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

October 06, 2010 06:31 Ubuntu: New libMikMod packages fix security vulnerability

It was discovered that libMikMod incorrectly handled songs with different channel counts. If a user were tricked into opening a crafted song file, an attacker could cause a denial of service. It was discovered that libMikMod incorrectly handled certain malformed XM, Impulse Tracker, and Ultratracker files. If a user were tricked into opening a crafted file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

October 06, 2010 06:29 Ubuntu: New libHX packages fix security vulnerability

It was discovered that libHX incorrectly handled certain parameters to the HX_split function. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with the privileges of the user. Updated packages are available from security.ubuntu.com.

October 06, 2010 06:28 Ubuntu: New Mako packages fix security vulnerability

It was discovered that Mako incorrectly filtered single-quote characters when performing HTML filtering. An attacker could utilize this to perform cross-site scripting attacks. Updated packages are available from security.ubuntu.com.

October 06, 2010 06:26 Ubuntu: New libgdiplus packages fix security vulnerability

Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 28, 2010 08:11 Ubuntu: New quassel packages fix security vulnerability

Jima discovered that quassel would respond to a single privmsg containing multiple CTCP requests with multiple NOTICEs, possibly resulting in a denial of service against the IRC connection. Updated packages are available from security.ubuntu.com.

September 28, 2010 07:50 Ubuntu: New OpenSSL packages fix security vulnerability

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user’s session. This update adds backported support for the new RFC 5746 renegotiation extension and will use it when both the client and the server support it. Updated packages are available from security.ubuntu.com.

September 21, 2010 05:55 Ubuntu: New PHP packages fix security vulnerability

Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. An attacker could exploit this issue to predict values that were intended to be random, such as session cookies. It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. An attacker could exploit this issue to bypass safe_mode restrictions. Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. An attacker could exploit this issue to cause the PHP server to crash and possibly execute arbitrary code with application privileges. Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly handled empty SQL queries. An attacker could exploit this issue to possibly execute arbitrary code with application privileges. Mateusz Kocielski discovered that PHP incorrectly handled certain arguments to the fnmatch function. An attacker could exploit this flaw and cause the PHP server to consume all available stack memory, resulting in a denial of service. Stefan Esser discovered that PHP incorrectly handled certain strings in the phar extension. An attacker could exploit this flaw to possibly view sensitive information. Stefan Esser discovered that PHP incorrectly handled deserialization of SPLObjectStorage objects. A remote attacker could exploit this issue to view sensitive information and possibly execute arbitrary code with application privileges. It was discovered that PHP incorrectly filtered error messages when limits for memory, execution time, or recursion were exceeded. 
A remote attacker could exploit this issue to possibly view sensitive information. Stefan Esser discovered that the PHP session serializer incorrectly handled the PS_UNDEF_MARKER marker. An attacker could exploit this issue to alter arbitrary session variables. Updated packages are available from security.ubuntu.com.

September 21, 2010 05:53 Ubuntu: New bzip2 packages fix security vulnerability

An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program. Updated packages are available from security.ubuntu.com.

September 21, 2010 05:49 Ubuntu: New Linux kernel packages fix security vulnerability

Ben Hawkes discovered that the Linux kernel did not correctly validate memory ranges on 64bit kernels when allocating memory on behalf of 32bit system calls. On a 64bit system, a local attacker could perform malicious multicast getsockopt calls to gain root privileges. Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64bit kernels when performing 32bit system calls. On a 64bit system, a local attacker could manipulate 32bit system calls to gain root privileges. Updated packages are available from security.ubuntu.com.

September 21, 2010 05:43 Ubuntu: New samba packages fix security vulnerability

Andrew Bartlett discovered that Samba did not correctly validate the length when parsing SIDs. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code with the privileges of the Samba service (smbd). Updated packages are available from security.ubuntu.com.

September 14, 2010 11:41 Ubuntu: New mountall packages fix security vulnerability

Alasdair MacGregor discovered that mountall created a udev rule file with world-writable permissions. A local attacker could exploit this under certain conditions to cause udev to execute arbitrary commands as the root user. Updated packages are available from security.ubuntu.com.

September 14, 2010 11:32 Ubuntu: New LFTP packages fix security vulnerability

It was discovered that LFTP incorrectly filtered filenames suggested by Content-Disposition headers. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name, such as a dotfile, and possibly run arbitrary code. Updated packages are available from security.ubuntu.com.

September 14, 2010 11:31 Ubuntu: New sudo packages fix security vulnerability

Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group. Updated packages are available from security.ubuntu.com.

September 07, 2010 11:00 Ubuntu: New wget packages fix security vulnerability

It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code. Updated packages are available from security.ubuntu.com.

September 07, 2010 10:47 Ubuntu: New bogofilter packages fix security vulnerability

Julius Plenz discovered that bogofilter incorrectly handled certain malformed encodings. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

September 07, 2010 10:44 Ubuntu: New libwww-perl packages fix security vulnerability

It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user’s directory. Updated packages are available from security.ubuntu.com.

August 31, 2010 07:41 Ubuntu: New okular packages fix security vulnerabilities

Stefan Cornelius of Secunia Research discovered a boundary error during RLE decompression in the TranscribePalmImageToJPEG() function in okular when processing images embedded in PDB files, which can be exploited to cause a heap-based buffer overflow. Updated packages are available from security.ubuntu.com.

August 31, 2010 07:40 Ubuntu: New Tomcat packages fix security vulnerabilities

It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests. Updated packages are available from security.ubuntu.com.

August 31, 2010 07:39 Ubuntu: New MoinMoin packages fix security vulnerabilities

It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Updated packages are available from security.ubuntu.com.
