Articles / Ubuntu

All articles tagged with Ubuntu

October 19, 2012 11:27 Ubuntu: Security update for Horizon

0

Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication.

Updated packages are available from security.ubuntu.com.

October 19, 2012 11:25 Ubuntu: Security update for Keystone

0

Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.

Updated packages are available from security.ubuntu.com.

October 17, 2012 19:37 Ubuntu: Security update for GIMP

0

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges. Matthias Weckbecker discovered that GIMP incorrectly handled malformed GIF image files. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

Updated packages are available from security.ubuntu.com.

October 17, 2012 19:36 Ubuntu: Security update for Django

0

It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that Django incorrectly handled validating certain images. A remote attacker could use this flaw to cause the server to consume memory, leading to a denial of service. Jeroen Dekkers discovered that Django incorrectly handled certain image dimensions. A remote attacker could use this flaw to cause the server to consume resources, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

October 12, 2012 06:59 Ubuntu: Security update for the Linux kernel

0

Some errors where discovered in the Linux kernel’s UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:37 Ubuntu: Security update for the Linux kernel

0

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the Linux kernel’s Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:36 Ubuntu: Security update for the Linux kernel

0

A flaw was found in the Linux kernel’s Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:35 Ubuntu: Security update for OpenJDK

0

It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a remote attacker, in conjunction with other vulnerabilities, to bypass Java sandbox restrictions.

Updated packages are available from security.ubuntu.com.

October 10, 2012 07:34 Ubuntu: Security update for OpenStack Keystone

0

Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users’ tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. Derek Higgins discovered that OpenStack Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that has been disabled or has a changed password.

Updated packages are available from security.ubuntu.com.

October 08, 2012 05:30 Ubuntu: Security update for Thunderbird

0

Security researchers discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Mariusz Mlynsk discovered that it is possible to shadow the location object using Object.defineProperty. This could potentially result in a cross-site scripting (XSS) attack against plugins. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted E-Mail, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain.

Frédéric Hoguin discovered that bitmap format images with a negative height could potentially result in memory corruption. If the user were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that Thunderbird’s WebGL implementation was vulnerable to multiple memory safety issues. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Arthur Gerkis discovered multiple memory safety issues in Thunderbird’s Scalable Vector Graphics (SVG) implementation. If the user were tricked into opening a specially crafted image, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird.

Christoph Diehl discovered multiple memory safety issues in the bundled Graphite 2 library. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Nicolas Grégoire discovered an out-of-bounds read in the format-number feature of XSLT. This could potentially cause inaccurate formatting of numbers and information leakage. It was discovered that when the DOMParser is used to parse text/html data in a Thunderbird extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and potentially be combined with other attacks to become exploitable.

It was discovered that, in some instances, certain security checks in the location object could be bypassed. This could allow for the loading of restricted content and can potentially be combined with other issues to become exploitable. Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird.

Updated packages are available from security.ubuntu.com.

October 08, 2012 05:25 Ubuntu: Security update for Firefox

0

Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mariusz Mlynsk discovered that it is possible to shadow the location object using Object.defineProperty. This could potentially result in a cross-site scripting (XSS) attack against plugins. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents or steal confidential data within the same domain.

Mariusz Mlynski discovered an escalation of privilege vulnerability through about:newtab. This could possibly lead to potentially code execution with the privileges of the user invoking Firefox. Frédéric Hoguin discovered that bitmap format images with a negative height could potentially result in memory corruption. If the user were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Firefox’s WebGL implementation was vulnerable to multiple memory safety issues. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Arthur Gerkis discovered multiple memory safety issues in Firefox’s Scalable Vector Graphics (SVG) implementation. If the user were tricked into opening a specially crafted image, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Christoph Diehl discovered multiple memory safety issues in the bundled Graphite 2 library. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Nicolas Grégoire discovered an out-of-bounds read in the format-number feature of XSLT. This could potentially cause inaccurate formatting of numbers and information leakage.

Mark Goodwin discovered that under certain circumstances, Firefox’s developer tools could allow remote debugging even when disabled. It was discovered that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and potentially be combined with other attacks to become exploitable. Mark Poticha discovered that under certain circumstances incorrect SSL certificate information can be displayed on the addressbar, showing the SSL data for a previous site while another has been loaded. This could potentially be used for phishing attacks.

It was discovered that, in some instances, certain security checks in the location object could be bypassed. This could allow for the loading of restricted content and can potentially be combined with other issues to become exploitable. Colby Russell discovered that eval in the web console can execute injected code with chrome privileges, leading to the running of malicious code in a privileged context. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Updated packages are available from security.ubuntu.com.

October 05, 2012 07:00 Ubuntu: Security update for libGData

0

Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol. Updated packages are available from security.ubuntu.com.

October 05, 2012 06:54 Ubuntu: Security update for libgc

0

It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code. Updated packages are available from security.ubuntu.com.

October 01, 2012 07:46 Ubuntu: Security update for ImageMagick

0

Tom Lane discovered that ImageMagick would not always properly allocate memory. If a user or automated system using ImageMagick were tricked into opening a specially crafted PNG image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 28, 2012 06:35 Ubuntu: Security update for Config::IniFiles

0

It was discovered that the perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files. Updated packages are available from security.ubuntu.com.

September 28, 2012 06:34 Ubuntu: Security update for PostgreSQL

0

Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database users to read data with the privileges of the database server.

Updated packages are available from security.ubuntu.com.

September 26, 2012 07:23 Ubuntu: Security update for NSS

0

Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash. Updated packages are available from security.ubuntu.com.

September 24, 2012 12:58 Ubuntu: Security update for LibreOffice

0

It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 24, 2012 12:57 Ubuntu: Security update for OpenOffice.org

0

It was discovered that OpenOffice.org incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 21, 2012 06:20 Ubuntu: Security update for the Linux kernel

0

A flaw was discovered in the macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. A flaw was found in how the KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges.

A flaw was found in the Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. Ulrich Obergfell discovered an error in the memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Dan Rosenberg discovered flaws in the NCI (Near Field Communication Controller Interface). A remote attacker could exploit these flaws to crash the system or potentially execute privileged code.

A flaw was discovered in the epoll system call. An unprivileged local user could use this flaw to crash the system. Some errors where discovered in the UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system.

Updated packages are available from security.ubuntu.com.

September 21, 2012 06:19 Ubuntu: Security update for Expat

0

It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources.

Updated packages are available from security.ubuntu.com.

September 21, 2012 06:18 Ubuntu: Security update for Calligra

0

It was discovered that Calligra incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 21, 2012 06:17 Ubuntu: Security update for KOffice

0

It was discovered that KOffice incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 21, 2012 06:16 Ubuntu: Security update for WebKit

0

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Updated packages are available from security.ubuntu.com.

September 17, 2012 07:37 Ubuntu: Security update for the NVIDIA graphics drivers

0

It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to gain root privileges. Updated packages are available from security.ubuntu.com.

September 17, 2012 07:37 Ubuntu: Security update for the NVIDIA graphics drivers

0

It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to gain root privileges. Updated packages are available from security.ubuntu.com.

September 14, 2012 13:45 Ubuntu: Security update for QEMU

0

It was discovered that QEMU incorrectly handled temporary files when creating a snapshot. A local attacker could use this flaw to possibly overwrite files with root privilege, or obtain sensitive information from the guest. Updated packages are available from security.ubuntu.com.

September 12, 2012 07:36 Ubuntu: Security update for IcedTea-Web

0

Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

September 10, 2012 06:43 Ubuntu: Security update for krb5

0

Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference a NULL pointer when handling a malformed TGS-REQ message. A remote authenticated attacker could use this to cause a denial of service.

It was discovered that the kadmin protocol implementation in MIT krb5 did not properly restrict access to the SET_STRING and GET_STRINGS operations. A remote authenticated attacker could use this to expose or modify sensitive information.

Updated packages are available from security.ubuntu.com.

September 07, 2012 07:02 Ubuntu: Security update for ISC DHCP

0

Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.

Updated packages are available from security.ubuntu.com.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.