All articles tagged with Ubuntu

August 24, 2010 09:02 Ubuntu: New Kernel packages fix security vulnerabilities

It was discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as demonstrated in attacks against the X server. Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. A local attacker could exploit this to read previously freed kernel memory, leading to a loss of privacy. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. An attacker could send specially crafted CAN traffic to crash the system or gain root privileges. Updated packages are available from security.ubuntu.com.

August 24, 2010 08:44 Ubuntu: New KOffice packages fix security vulnerabilities

It was discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. It was discovered that the Xpdf used in KOffice contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

August 24, 2010 08:42 Ubuntu: New FreeType packages fix security vulnerabilities

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.

August 17, 2010 13:16 Ubuntu: New OpenJDK packages fix security vulnerabilities

It was discovered that the IcedTea plugin did not correctly check certain accesses. If a user or automated system were tricked into running a specially crafted Java applet, a remote attacker could read arbitrary files with user privileges, leading to a loss of privacy. Updated packages are available from security.ubuntu.com.

August 17, 2010 13:10 Ubuntu: New GnuPG2 packages fix security vulnerabilities

It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

August 10, 2010 14:41 Ubuntu: New OpenLDAP packages fix security vulnerabilities

Using the Codenomicon LDAPv3 test suite, it was discovered that the slap_modrdn2mods function in OpenLDAP does not check the return value from a call to the smr_normalize function. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon or possibly execute arbitrary code. OpenLDAP does not properly handle empty RDN strings. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon. Updated packages are available from security.ubuntu.com.

August 10, 2010 13:47 Ubuntu: New w3m packages fix security vulnerabilities

Ludwig Nussel discovered w3m does not properly handle SSL/TLS certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Updated packages are available from security.debian.org.

August 10, 2010 13:43 Ubuntu: New PCSC-Lite packages fix security vulnerabilities

It was discovered that the PC/SC service did not correctly handle malformed messages. A local attacker could exploit this to execute arbitrary code with root privileges. Updated packages are available from security.ubuntu.com.

August 10, 2010 13:32 Ubuntu: New Linux Kernel packages fix security vulnerabil...

Several privilege escalation and denial of service vulnerabilities have been discovered in the Linux kernel. Junjiro R. Okajima discovered that knfsd did not correctly handle strict overcommit. It was discovered that SCTP did not correctly handle invalid parameters. Mario Mikocevic discovered that GFS2 did not correctly handle certain quota structures. Toshiyuki Okajima discovered that the kernel keyring did not correctly handle dead keyrings. Brad Spengler discovered that Sparc did not correctly implement non-executable stacks. Dan Rosenberg discovered that the btrfs clone function did not correctly validate permissions. Dan Rosenberg discovered that GFS2 set_flags function did not correctly validate permissions. Shi Weihua discovered that btrfs xattr_set_acl function did not correctly validate permissions. Andre Osterhues discovered that eCryptfs did not correctly calculate hash values. Updated packages are available from security.ubuntu.com.

July 27, 2010 18:59 Ubuntu: New Likewise Open packages fix security vulnerabi...

Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to. Updated packages are available from security.ubuntu.com.

July 27, 2010 18:58 Ubuntu: New Thunderbird packages fix security vulnerabili...

Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains. Updated packages are available from security.ubuntu.com.

July 27, 2010 18:55 Ubuntu: New Firefox packages fix security vulnerabilities

Several flaws were discovered in the browser engine of Firefox. Among other problems, if a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker could execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

July 20, 2010 13:26 Ubuntu: New FreeType packages fix security vulnerabilities

Robert Święcki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.

July 20, 2010 13:24 Ubuntu: New VTE packages fix security vulnerabilities

Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges. Updated packages are available from security.ubuntu.com.

July 20, 2010 13:17 Ubuntu: New Ghostscript packages fix security vulnerabili...

David Srbecky discovered that Ghostscript incorrectly handled debug logging. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript incorrectly handled certain malformed files. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Dan Rosenberg discovered that Ghostscript incorrectly handled certain recursive Postscript files. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

July 13, 2010 18:23 Ubuntu: New libpng packages fix security vulnerabilities

It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

July 13, 2010 18:21 Ubuntu: New PAM packages fix security vulnerabilities

Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges. Updated packages are available from security.ubuntu.com.

July 13, 2010 18:17 Ubuntu: New Thunderbird packages fix security vulnerabili...

Martin Barbella discovered an integer overflow in an XSLT node sorting routine, causing a denial of service. An integer overflow was discovered in Thunderbird causing a denial of service. Several flaws were discovered in the browser engine of Thunderbird, causing a denial of service. It was discovered that Thunderbird could be made to access freed memory, causing a denial of service. Updated packages are available from security.ubuntu.com.

July 06, 2010 12:25 Ubuntu: New sudo packages fix security issues

Evan Broder and Anders Kaseorg discovered that sudo did not properly sanitize its environment when configured to use secure_path (the default in Ubuntu). A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program that interpreted the PATH environment variable. Updated packages are available from security.ubuntu.com.

July 06, 2010 12:19 Ubuntu: New Firefox packages fix security issues

It was discovered that Firefox could be made to access freed memory, which could cause a denial of service or possibly execute arbitrary code. Several flaws were discovered in the browser engine of Firefox, which could cause a denial of service or possibly execute arbitrary code. A flaw was discovered in the way plugin instances interacted, which could allow the execution of arbitrary code. An integer overflow was discovered in Firefox, which could cause a denial of service or possibly execute arbitrary code. Martin Barbella discovered an integer overflow in an XSLT node sorting routine, which could cause a denial of service or possibly execute arbitrary code. Michal Zalewski discovered that the focus behavior of Firefox could be subverted, which a remote attacker could use to capture keystrokes. Ilja van Sprundel discovered that the ‘Content-Disposition: attachment’ HTTP header was ignored when ‘Content-Type: multipart’ was also present, which could lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough, which an attacker could use to identify and track users across different web sites. Updated packages are available from security.ubuntu.com.

June 22, 2010 14:42 Ubuntu: New TIFF packages fix security issues

Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Updated packages are available from security.ubuntu.com.

June 22, 2010 14:40 Ubuntu: New CUPS packages fix security issues

Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user (lp). Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data. Updated packages are available from security.ubuntu.com.

June 22, 2010 14:38 Ubuntu: New OPIE packages fix security issues

Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service. Updated packages are available from security.ubuntu.com.

June 22, 2010 14:37 Ubuntu: New fastjar packages fix security issues

Dan Rosenberg discovered that fastjar incorrectly handled file paths containing “..” when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges. Updated packages are available from security.ubuntu.com.

June 22, 2010 14:32 Ubuntu: New Samba packages fix security issues

Jun Mao discovered that Samba did not correctly validate SMB1 packet contents. An unauthenticated remote attacker could send specially crafted network traffic that could execute arbitrary code as the root user. Updated packages are available from security.ubuntu.com.

June 15, 2010 06:08 Ubuntu: New MySQL packages fix security issues

It was discovered that MySQL did not check privileges before uninstalling plugins. An authenticated user could uninstall arbitrary plugins, bypassing intended restrictions. It was discovered that MySQL could be made to delete another user’s data and index files. An authenticated user could use symlinks combined with the DROP TABLE command to possibly bypass privilege checks. It was discovered that MySQL incorrectly validated the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially-crafted table name to bypass privilege checks and possibly access other tables. Eric Day discovered that MySQL incorrectly handled certain network packets. A remote attacker could exploit this flaw and cause the server to consume all available resources, resulting in a denial of service. It was discovered that MySQL performed incorrect bounds checking on the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially-crafted table name to cause a denial of service or possibly execute arbitrary code. Updated packages are available from security.ubuntu.com.

June 15, 2010 06:06 Ubuntu: New OpenOffice.org packages fix security issues

Marc Schoenefeld discovered that OpenOffice.org would run document macros from the macro browser, even when macros were disabled. If a user were tricked into opening a specially crafted document and examining a macro, a remote attacker could execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.

June 07, 2010 12:32 Ubuntu: New GnuTLS packages fix security issues

It was discovered that GnuTLS did not always properly verify the hash algorithm of X.509 certificates. If an application linked against GnuTLS processed a crafted certificate, an attacker could make GnuTLS dereference a NULL pointer and cause a DoS via application crash. Updated packages are available from security.ubuntu.com.

June 07, 2010 12:23 Ubuntu: New Kernel packages fix security issues

Various denial of service vulnerabilities have been discovered in the Linux kernel. The Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel, the r8169 network driver did not correctly check the size of Ethernet frames, SCTP did not correctly validate certain chunks, IPv6 did not correctly handle certain TUN packets, GFS2 did not correctly handle certain locks, network virtio in KVM did not correctly handle certain high-traffic conditions, the Bluetooth subsystem did not correctly handle large amounts of traffic, the sound driver for the AMD780V did not correctly handle certain conditions, the DVB driver did not correctly handle certain MPEG2-TS frames, NFS did not correctly handle truncation under certain conditions, automount of NFS did not correctly handle symlinks under certain conditions, ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory, CIFS did not correctly validate arguments when creating new files, the TTY layer did not correctly release process IDs, TIPC did not correctly check its internal state, IPv6 did not correctly handle certain settings when listening, the Out-Of-Memory handler did not correctly handle certain arrangements of processes, all leading to a denial of service. KVM did not correctly limit certain privileged IO accesses on x86, leading to a privilege escalation. The USB subsystem did not correctly handle certain error conditions, leading to a loss of privacy and potentially root privilege escalation. Updated packages are available from security.ubuntu.com.

June 07, 2010 12:22 Ubuntu: New Net-SNMP packages fix security issues

The SNMP server did not correctly validate certain UDP clients when using TCP wrappers. Under some situations, a remote attacker could bypass access restrictions and communicate with the SNMP server, potentially leading to a loss of privacy or a denial of service. Updated packages are available from security.ubuntu.com.
