A kernel package fix has been released for the IMX51 platform of version 10.04 LTS: an information leak was found in the handling of TPM data, the HFS filesystem driver is open to denial of service, and a NULL dereference bug was found in the security subsystem's handling of user-defined keys.

A kernel package fix has been released for the OMAP4 platform of version 11.04: an information leak was found in the handling of TPM data, the HFS filesystem driver is open to denial of service, the FUSE kernel module allows the system to be DoS-ed when a filesystem is mounted, and a NULL dereference bug was found in the security subsystem's handling of user-defined keys.

Various security bugs leading to code execution were found in the ffmpeg package's Matroska, QDM2, VP3, VP5, VP6, VMD and SVQ1 format handlers.

Several security bugs were found in the firefox package.

Because of the firefox fix, new versions of the mozvoikko and ubufox packages had to be released as well.

A kernel package fix has been released for version 11.10: the HFS filesystem driver is open to denial of service, a buffer overflow was found in the XFS filesystem, faulty error handling in the GHASH message digest algorithm resulted in an oops, a NULL dereference bug was found in the security subsystem's handling of user-defined keys, a bug in the Journaling Block Device (JBD) allows the system to be DoS-ed, and a buffer overflow in the HFS filesystem allows an attacker to gain root privileges.

A kernel package fix has been released for version 8.04 LTS: an information leak was found in the handling of TPM data, the HFS filesystem is open to denial of service, the b43 driver is open to denial of service, and a NULL dereference bug was found in the security subsystem's handling of user-defined keys.
A kernel package fix has been released for the OMAP4 platform of version 10.10: an information leak was found in the handling of TPM data, the HFS filesystem driver is open to denial of service, the FUSE kernel module allows the system to be DoS-ed when a filesystem is mounted, the b43 driver is open to denial of service, and a NULL dereference bug was found in the security subsystem's handling of user-defined keys.

A kernel package fix has been released for the EC2 platform of version 10.04 LTS: the HFS filesystem driver is open to denial of service, and a NULL dereference bug was found in the security subsystem's handling of user-defined keys.

OpenStack Nova does not check the permissions attached to incoming requests in every case.

A kernel package fix has been released for the DOVE platform of version 10.10: the HFS filesystem driver is open to denial of service, and a NULL dereference bug was found in the security subsystem's handling of user-defined keys.

A kernel package fix has been released for the OMAP4 platform of version 11.04: the FUSE kernel module allows the system to be DoS-ed when a filesystem is mounted.

A kernel package fix has been released for the OMAP4 platform of version 11.10: the HFS filesystem driver is open to denial of service, a buffer overflow was found in the XFS filesystem, a NULL dereference bug was found in the security subsystem's handling of user-defined keys, a bug in the Journaling Block Device (JBD) allows the system to be DoS-ed, and a buffer overflow in the HFS filesystem allows an attacker to gain root privileges.

A kernel package fix has been released for the Maverick backport of version 10.04 LTS: an information leak was found in the handling of TPM data, the HFS filesystem driver is open to denial of service, and a NULL dereference bug was found in the security subsystem's handling of user-defined keys.
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1318-1
January 05, 2012

linux-fsl-imx51 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-fsl-imx51: Linux kernel for IMX51

Details:

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.31-612-imx51  2.6.31-612.32

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1318-1
  CVE-2011-1162, CVE-2011-2203, CVE-2011-4110

Package Information:
  https://launchpad.net/ubuntu/+source/linux-fsl-imx51/2.6.31-612.32

Attachment: signature.asc
Description: OpenPGP digital signature

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1319-1
January 05, 2012

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
  linux-image-2.6.38-1209-omap4  2.6.38-1209.20

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1319-1
  CVE-2011-1162, CVE-2011-2203, CVE-2011-3353, CVE-2011-4110

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.20
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1320-1
January 05, 2012

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- ffmpeg: multimedia player, server and encoder

Details:

Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3504)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. (CVE-2011-4352)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353)

It was discovered that FFmpeg incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10:
  libavcodec52   4:0.6-2ubuntu6.3
  libavformat52  4:0.6-2ubuntu6.3

Ubuntu 10.04 LTS:
  libavcodec52   4:0.5.1-1ubuntu1.3
  libavformat52  4:0.5.1-1ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1320-1
  CVE-2011-3504, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579

Package Information:
  https://launchpad.net/ubuntu/+source/ffmpeg/4:0.6-2ubuntu6.3
  https://launchpad.net/ubuntu/+source/ffmpeg/4:0.5.1-1ubuntu1.3
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1306-1
January 06, 2012

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660)

Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. (CVE-2011-3661)

It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658)

Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663)

It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  firefox  9.0.1+build1-0ubuntu0.11.10.2

Ubuntu 11.04:
  firefox  9.0.1+build1-0ubuntu0.11.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1306-1
  CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665,
  https://launchpad.net/bugs/906389

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/9.0.1+build1-0ubuntu0.11.10.2
  https://launchpad.net/ubuntu/+source/firefox/9.0.1+build1-0ubuntu0.11.04.1
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1306-2
January 06, 2012

mozvoikko, ubufox update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

This update provides compatible packages for Firefox 9.

Software Description:
- mozvoikko: Finnish spell-checker extension for Firefox (transitional package
- ubufox: Ubuntu Firefox specific configuration defaults and apt support

Details:

USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9.

Original advisory details:

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660)

Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. (CVE-2011-3661)

It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658)

Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663)

It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  xul-ext-mozvoikko  1.10.0-0ubuntu2.2
  xul-ext-ubufox     1.0.2-0ubuntu0.11.10.1

Ubuntu 11.04:
  xul-ext-mozvoikko  1.10.0-0ubuntu0.11.04.4
  xul-ext-ubufox     0.9.3-0ubuntu0.11.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1306-2
  http://www.ubuntu.com/usn/usn-1306-1
  https://launchpad.net/bugs/906389

Package Information:
  https://launchpad.net/ubuntu/+source/mozvoikko/1.10.0-0ubuntu2.2
  https://launchpad.net/ubuntu/+source/ubufox/1.0.2-0ubuntu0.11.10.1
  https://launchpad.net/ubuntu/+source/mozvoikko/1.10.0-0ubuntu0.11.04.4
  https://launchpad.net/ubuntu/+source/ubufox/0.9.3-0ubuntu0.11.04.1
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1322-1
January 09, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)

Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  linux-image-3.0.0-15-generic        3.0.0-15.25
  linux-image-3.0.0-15-generic-pae    3.0.0-15.25
  linux-image-3.0.0-15-omap           3.0.0-15.25
  linux-image-3.0.0-15-powerpc        3.0.0-15.25
  linux-image-3.0.0-15-powerpc-smp    3.0.0-15.25
  linux-image-3.0.0-15-powerpc64-smp  3.0.0-15.25
  linux-image-3.0.0-15-server         3.0.0-15.25
  linux-image-3.0.0-15-virtual        3.0.0-15.25

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1322-1
  CVE-2011-2203, CVE-2011-4077, CVE-2011-4081, CVE-2011-4110, CVE-2011-4132, CVE-2011-4330

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.0.0-15.25
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1323-1
January 11, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04 LTS:
  linux-image-2.6.24-30-386            2.6.24-30.98
  linux-image-2.6.24-30-generic        2.6.24-30.98
  linux-image-2.6.24-30-hppa32         2.6.24-30.98
  linux-image-2.6.24-30-hppa64         2.6.24-30.98
  linux-image-2.6.24-30-itanium        2.6.24-30.98
  linux-image-2.6.24-30-lpia           2.6.24-30.98
  linux-image-2.6.24-30-lpiacompat     2.6.24-30.98
  linux-image-2.6.24-30-mckinley       2.6.24-30.98
  linux-image-2.6.24-30-openvz         2.6.24-30.98
  linux-image-2.6.24-30-powerpc        2.6.24-30.98
  linux-image-2.6.24-30-powerpc-smp    2.6.24-30.98
  linux-image-2.6.24-30-powerpc64-smp  2.6.24-30.98
  linux-image-2.6.24-30-rt             2.6.24-30.98
  linux-image-2.6.24-30-server         2.6.24-30.98
  linux-image-2.6.24-30-sparc64        2.6.24-30.98
  linux-image-2.6.24-30-sparc64-smp    2.6.24-30.98
  linux-image-2.6.24-30-virtual        2.6.24-30.98
  linux-image-2.6.24-30-xen            2.6.24-30.98

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1323-1
  CVE-2011-1162, CVE-2011-2203, CVE-2011-3359, CVE-2011-4110

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.24-30.98
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1325-1
January 11, 2012

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353)

A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10:
  linux-image-2.6.35-903-omap4  2.6.35-903.29

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1325-1
  CVE-2011-1162, CVE-2011-2203, CVE-2011-3353, CVE-2011-3359, CVE-2011-4110

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.35-903.29
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1324-1
January 11, 2012

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Two security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-342-ec2  2.6.32-342.43

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1324-1
  CVE-2011-2203, CVE-2011-4110

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-342.43
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1326-1
January 11, 2012

nova vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Nova would allow unintended access to resources over the network.

Software Description:
- nova: OpenStack Compute cloud infrastructure

Details:

Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when Nova is configured to use the OpenStack API, it would not correctly enforce access controls on certain incoming requests. A remote authenticated attacker could exploit this to change resources of arbitrary tenants.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  nova-api  2011.3-0ubuntu6.4

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1326-1
  CVE-2012-0030

Package Information:
  https://launchpad.net/ubuntu/+source/nova/2011.3-0ubuntu6.4
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1328-1
January 13, 2012

linux-mvl-dove vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-mvl-dove: Linux kernel for DOVE

Details:

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10:
  linux-image-2.6.32-422-dove  2.6.32-422.40

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1328-1
  CVE-2011-2203, CVE-2011-4110

Package Information:
  https://launchpad.net/ubuntu/+source/linux-mvl-dove/2.6.32-422.40
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1329-1
January 13, 2012

linux-ti-omap4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
  linux-image-2.6.38-1209-omap4  2.6.38-1209.20

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1329-1
  CVE-2011-3353

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.20
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1330-1
January 13, 2012

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)

Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  linux-image-3.0.0-1206-omap4  3.0.0-1206.15

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1330-1
  CVE-2011-2203, CVE-2011-4077, CVE-2011-4110, CVE-2011-4132, CVE-2011-4330

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.0.0-1206.15
--- End Message ---
--- Begin Message ---
==========================================================================
Ubuntu Security Notice USN-1332-1
January 13, 2012

linux-lts-backport-maverick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-backport-maverick: Linux kernel backport from Maverick

Details:

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.35-32-generic      2.6.35-32.64~lucid1
  linux-image-2.6.35-32-generic-pae  2.6.35-32.64~lucid1
  linux-image-2.6.35-32-server       2.6.35-32.64~lucid1
  linux-image-2.6.35-32-virtual      2.6.35-32.64~lucid1

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1332-1
  CVE-2011-1162, CVE-2011-2203, CVE-2011-4110

Package Information:
  https://launchpad.net/ubuntu/+source/linux-lts-backport-maverick/2.6.35-32.64~lucid1
--- End Message ---