All articles tagged with Ubuntu

March 15, 2010 10:18 Ubuntu: New dpkg packages fix various security issues

William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Updated packages are available from security.ubuntu.com.

March 15, 2010 10:16 Ubuntu: New Apache packages fix various security issues

It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn’t send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. Updated packages are available from security.ubuntu.com.

March 15, 2010 10:11 Ubuntu: New gnome-screensaver packages fix various securi...

It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. Updated packages are available from security.ubuntu.com.

March 15, 2010 09:56 Ubuntu: New CUPS packages fix various security issues

It was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. Updated packages are available from security.ubuntu.com.

February 27, 2010 19:55 Ubuntu: New sudo packages fix various security issues

It was discovered that sudo did not properly validate the path for the sudoedit pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. It was discovered that sudo did not reset group permissions when the runas_default configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. Updated packages are available from security.ubuntu.com.

February 27, 2010 19:53 Ubuntu: New squid packages fix various security issues

It was discovered that Squid incorrectly handled certain malformed packets received on the HTCP port. A remote attacker could exploit this with a specially-crafted packet and cause Squid to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

February 27, 2010 19:51 Ubuntu: New Openoffice.org packages fix various security ...

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. Sebastian Apelt and Frank Reißner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls. Updated packages are available from security.ubuntu.com.

February 27, 2010 19:47 Ubuntu: New pidgin packages fix various security issues

Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. Updated packages are available from security.ubuntu.com.

February 20, 2010 18:26 Ubuntu: New Firefox packages fix various security issues

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Alin Rad Pop discovered that Firefox’s HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Updated packages are available from security.ubuntu.com.

February 20, 2010 18:24 Ubuntu: New Firefox packages fix various security issues

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Alin Rad Pop discovered that Firefox’s HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Updated packages are available from security.ubuntu.com.

February 20, 2010 18:15 Ubuntu: New squid packages fix various security issues

It was discovered that Squid incorrectly handled certain auth headers. A remote attacker could exploit this with a specially-crafted auth header and cause Squid to go into an infinite loop, resulting in a denial of service. It was discovered that Squid incorrectly handled certain DNS packets. A remote attacker could exploit this with a specially-crafted DNS packet and cause Squid to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

February 20, 2010 18:13 Ubuntu: New ruby packages fix various security issues

Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. Updated packages are available from security.ubuntu.com.

February 12, 2010 10:39 Ubuntu: New Tomcat kernel packages fix vulnerabilities

It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted. Updated packages are available from security.ubuntu.com.

February 12, 2010 10:28 Ubuntu: New gnome-screensaver packages fix vulnerabilities

It was discovered that gnome-screensaver did not correctly handle monitor hotplugging. An attacker with physical access could cause gnome-screensaver to crash and gain access to the locked session. Updated packages are available from security.ubuntu.com.

February 12, 2010 10:25 Ubuntu: New MySQL kernel packages fix vulnerabilities

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or HTML in a database cell, which would then get placed in the HTML document output by the command-line tool. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. It was discovered that MySQL contained a buffer overflow when parsing SSL certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. Updated packages are available from security.ubuntu.com.

February 05, 2010 15:13 Ubuntu: New Linux kernel packages fix vulnerabilities

Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures, which could be exploited to crash the system or gain root privileges. It was discovered that FUSE did not correctly check certain requests, which could be abused to crash the system or possibly gain root privileges. It was discovered that KVM did not correctly decode certain guest instructions, leading to a denial of service. It was discovered that the OHCI FireWire driver did not correctly handle certain ioctls, which could be exploited to crash the system, or possibly gain root privileges. Tavis Ormandy discovered that the kernel did not correctly handle O_ASYNC on locked files, which could be exploited to gain root privileges. Neil Horman and Eugene Teo discovered that the e1000 and e1000e network drivers did not correctly check the size of Ethernet frames, which could be exploited to bypass packet filters, crash the system, or possibly gain root privileges. It was discovered that “print-fatal-signals” reporting could show arbitrary kernel memory contents, which could be exploited, leading to a loss of privacy. Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly handle jumbo frames, which could crash the system, leading to a denial of service. Florian Westphal discovered that bridging netfilter rules could be modified by unprivileged users, leading to a denial of service. Al Viro discovered that certain mremap operations could leak kernel memory, leading to a denial of service. Updated packages are available from security.ubuntu.com.

February 05, 2010 14:43 Ubuntu: New fuse packages fix vulnerabilities

Ronald Volgers discovered that FUSE did not correctly check mount locations. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. Updated packages are available from security.ubuntu.com.

February 05, 2010 14:42 Ubuntu: New samba packages fix vulnerabilities

Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation. Updated packages are available from security.ubuntu.com.

February 05, 2010 14:38 Ubuntu: New lintian packages fix vulnerabilities

It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.

January 26, 2010 21:58 Ubuntu: New Expat packages fix vulnerabilities

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. Updated packages are available from security.ubuntu.com.

January 26, 2010 21:55 Ubuntu: New gzip packages fix vulnerabilities

It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel–Ziv–Welch (LZW) algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

January 26, 2010 21:38 Ubuntu: New Thai packages fix vulnerabilities

Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user’s privileges. Updated packages are available from security.ubuntu.com.

January 26, 2010 21:35 Ubuntu: New Pidgin packages fix vulnerabilities

It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler, which could cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not properly enforce the “require TLS/SSL” setting when connecting to certain older Jabber servers, which could be exploited to view sensitive information. It was discovered that Pidgin did not properly handle certain SLP invite messages in the MSN protocol handler, which could cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not properly handle certain errors in the XMPP protocol handler, which could cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not properly handle malformed contact-list data in the OSCAR protocol handler, which could cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler, which could allow arbitrary files to be obtained via directory traversal. Updated packages are available from security.ubuntu.com.

January 26, 2010 17:10 Ubuntu: New Transmission packages fix vulnerabilities

It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal. Updated packages are available from security.ubuntu.com.

January 26, 2010 17:07 Ubuntu: New OpenSSL packages fix vulnerabilities

It was discovered that OpenSSL did not correctly free unused memory in certain situations. A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service. Updated packages are available from security.ubuntu.com.

January 26, 2010 17:02 Ubuntu: New PHP packages fix vulnerabilities

Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions. Updated packages are available from security.ubuntu.com.

January 26, 2010 17:01 Ubuntu: New network-manager-applet packages fix vulnerabi...

It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users’ network connection passwords and pre-shared keys. Updated packages are available from security.ubuntu.com.

January 26, 2010 16:41 Ubuntu: New GIMP packages fix vulnerabilities

Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user’s privileges. Stefan Cornelius discovered that GIMP did not correctly handle certain malformed PSD files. If a user were tricked into opening a specially crafted PSD file, an attacker could execute arbitrary code with the user’s privileges. Updated packages are available from security.ubuntu.com.

January 26, 2010 16:40 Ubuntu: New Kerberos packages fix vulnerabilities

Jeff Blaine, Radoslav Bodo, Jakob Haufe, and Jorgen Wahlsten discovered that the Kerberos Key Distribution Center service did not correctly verify certain network traffic. An unauthenticated remote attacker could send a specially crafted request that would cause the KDC to crash, leading to a denial of service. Updated packages are available from security.ubuntu.com.

January 26, 2010 16:39 Ubuntu: New PostgreSQL packages fix vulnerabilities

It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate privileges within PostgreSQL. Updated packages are available from security.ubuntu.com.
