Articles / Ubuntu

All articles tagged with Ubuntu

September 07, 2012 07:01 Ubuntu: Security update for Bind

0

Einar Lonn discovered that Bind incorrectly initialized the failing-query cache. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

September 05, 2012 11:55 Ubuntu: Security update for Mono

0

It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks.

Updated packages are available from security.ubuntu.com.

September 05, 2012 11:53 Ubuntu: Security update for OpenSSL

0

It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications. Updated packages are available from security.ubuntu.com.

September 03, 2012 06:46 Ubuntu: Security update for the Linux kernel

0

An error was discovered in the Linux kernel’s memory subsystem (hugetlb). An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Updated packages are available from security.ubuntu.com.

September 03, 2012 06:45 Ubuntu: Security update for libexif

0

Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code. Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information.

Yunho Kim discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service. Dan Fandrich discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

August 31, 2012 06:05 Ubuntu: Security update for TIFF

0

Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.

August 31, 2012 06:04 Ubuntu: Security update for KDE PIM

0

It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened. Updated packages are available from security.ubuntu.com.

August 29, 2012 06:59 Ubuntu: Security update for Thunderbird

0

Security researchers discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks.

Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution in the HTML feed view. Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Thunderbird.

Tony Payne discovered an out-of-bounds memory read in Mozilla’s color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. Frédéric Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks. Bill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird.

Karthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user’s OAuth 2.0 access tokens and OpenID credentials. It was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Thunderbird.

August 29, 2012 06:57 Ubuntu: Security update for Firefox

0

Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Mario Gomes discovered that the address bar may be incorrectly updated. Drag-and-drop events in the address bar may cause the address of the previous site to be displayed while a new page is loaded. An attacker could exploit this to conduct phishing attacks. Abhishek Arya discovered four memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution in the HTML feed view. Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. Tony Payne discovered an out-of-bounds memory read in Mozilla’s color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash. Frédéric Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks.

Bill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Karthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user’s OAuth 2.0 access tokens and OpenID credentials. Matt McCutchen discovered a clickjacking vulnerability in the certificate warning page. A remote attacker could trick a user into accepting a malicious certificate via a crafted certificate warning page.

Mario Gomes and Soroush Dalili discovered that javascript was not filtered out of feed URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. A vulnerability was discovered in the context menu of data: URLs. If the user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Firefox.

Updated packages are available from ftp.redhat.com.

August 24, 2012 07:59 Ubuntu: Security update for Linux kernel

0

A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. An error was found in the Linux kernel’s IPv6 netfilter when connection tracking is enabled. A remote attacker could exploit this flaw to crash a system if it is using IPv6 with the nf_contrack_ipv6 kernel module loaded.

Updated packages are available from security.ubuntu.com.

August 24, 2012 07:55 Ubuntu: Security update for OpenJDK

0

It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager’s layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. It was discovered that the SynthLookAndFeel class from Swing in OpenJDK did not properly prevent access to certain UI elements from outside the current application context. An attacker could create a Java application or applet that used this flaw to cause a denial of service through crashing the JVM or bypass Java sandbox restrictions.

It was discovered that OpenJDK runtime library classes could create temporary files with insecure permissions. A local attacker could use this to gain access to sensitive information. It was discovered that OpenJDK did not handle CRLs (Certificate Revocation Lists) properly. A remote attacker could use this to gain access to sensitive information. It was discovered that the OpenJDK HotSpot Virtual Machine did not properly verify the bytecode of the class to be executed. A remote attacker could create a Java application or applet that used this to cause a denial of service through crashing the JVM or bypass Java sandbox restrictions.

It was discovered that the OpenJDK XML (Extensible Markup Language) parser did not properly handle some XML documents. An attacker could create an XML document that caused a denial of service in a Java application or applet parsing the document.

Updated packages are available from security.ubuntu.com.

August 20, 2012 07:35 Ubuntu: Security update for Puppet

0

It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the “Delete” method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. It was discovered that Puppet incorrectly set file permissions on the last_run_report.yaml file. An attacker could use this flaw to access sensitive information.

It was discovered that Puppet incorrectly handled agent certificate names. An attacker could use this flaw to create a specially crafted certificate and trick an administrator into signing a certificate that can then be used to man-in-the-middle agent nodes.

Updated packages are available from security.ubuntu.com.

August 20, 2012 07:34 Ubuntu: Security update for Qt

0

It was discovered that Qt did not properly handle wildcard domain names or IP addresses in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. A heap-based buffer overflow was discovered in the HarfBuzz module. If a user were tricked into opening a crafted font file in a Qt application, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Qt did not properly handle greyscale TIFF images. If a Qt application could be made to process a crafted TIFF file, an attacker could cause a denial of service.

Updated packages are available from security.ubuntu.com.

August 20, 2012 07:32 Ubuntu: Security update for Rhythmbox

0

Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. Updated packages are available from security.ubuntu.com.

August 20, 2012 07:31 Ubuntu: Security update for Nova

0

Dan Prince discovered that the Nova scheduler, when using DifferentHostFilter or SameHostFilter, would make repeated database instance lookup calls based on passed scheduler hints. An authenticated attacker could use this to cause a denial of service. Updated packages are available from security.ubuntu.com.

August 20, 2012 07:29 Ubuntu: Security update for X.Org X server

0

The X.Org X server could be made to crash if a specially crafted input device was added. Updated packages are available from security.ubuntu.com.

August 17, 2012 09:20 Ubuntu: Security update for Pidgin

0

Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service.

Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in cryptographic operations. An attacker could exploit this to read the memory contents, leading to an information disclosure. Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled nickname changes inside chat rooms in the XMPP protocol handler. A remote attacker could exploit this by changing nicknames, leading to a denial of service. Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service.

José Valentín Gutiérrez discovered that Pidgin incorrectly handled SOCKS5 proxy connections during file transfer requests in the XMPP protocol handler. A remote attacker could send a specially crafted request and cause Pidgin to crash, leading to a denial of service. Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Ulf Härnhammar discovered that Pidgin incorrectly handled messages with in-line images in the MXit protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

Updated packages are available from security.ubuntu.com.

August 17, 2012 09:15 Debian: Security update for Pidgin

0

Ulf Härnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution.

Updated packages are available from security.ubuntu.com.

August 17, 2012 09:13 Ubuntu: Security update for tiff

0

It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Updated packages are available from security.ubuntu.com.

August 15, 2012 08:34 Ubuntu: Security update for Nova

0

Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. Pádraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges.

Updated packages are available from security.ubuntu.com.

August 15, 2012 08:32 Ubuntu: New Libreoffice packages fix security vulnerabili...

0

Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

August 15, 2012 08:30 Ubuntu: New OpenOffice.org packages fix security vulnerab...

0

A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

August 13, 2012 10:54 Ubuntu: New Linux kernel packages fix security vulnerabil...

0

Stephan Mueller reported a flaw in the Linux kernel’s dl2k network driver’s handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. Timo Warns reported multiple flaws in the Linux kernel’s hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system priviliges. A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

Updated packages are available from security.ubuntu.com.

August 13, 2012 10:53 Ubuntu: New Linux kernel packages fix security vulnerabil...

0

A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). Updated packages are available from security.ubuntu.com.

August 13, 2012 10:52 Ubuntu: New AccountsService packages fix security vulnera...

0

Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions. Updated packages are available from security.ubuntu.com.

August 03, 2012 16:51 Ubuntu: New PyCrypto packages fix security vulnerabilities

0

It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys. Updated packages are available from security.debian.org.

August 01, 2012 06:10 Ubuntu: New Network Manager packages fix security vulnera...

0

It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager. Updated packages are available from security.ubuntu.com.

July 16, 2012 05:25 Ubuntu: New ClamAV packages fix security vulnerabilities

0

It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Updated packages are available from security.ubuntu.com.

July 16, 2012 05:22 Ubuntu: New PHP packages fix security vulnerabilities

0

It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication.

It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. A remote attacker could possibly use this flaw to bypass authentication. It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server, or to perform a denial of service. Alexander Gavrun discovered that the PHP Phar extension incorrectly handled certain malformed TAR files. A remote attacker could use this flaw to perform a denial of service, or possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.

July 16, 2012 05:18 Ubuntu: New Raptor packages fix security vulnerabilities

0

Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user’s system or potentially execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.