Feed aggregator

Ubuntu Security Notice USN-1356-1

6th February, 2012

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Several security issues were fixed in the kernel.

Software description

• linux-ti-omap4 - Linux kernel for OMAP4

Details

A flaw was discovered in the XFS filesystem. If a local user mounts a
specially crafted XFS image it could potential execute arbitrary code on
the system. (CVE-2012-0038)

Chen Haogang discovered an integer overflow that could result in memory
corruption. A local unprivileged user could use this to crash the system.
(CVE-2012-0044)

A flaw was found in the linux kernels IPv4 IGMP query processing. A remote
attacker could exploit this to cause a denial of service. (CVE-2012-0207)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

linux-image-2.6.38-1209-omap4 2.6.38-1209.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0038, CVE-2012-0044, CVE-2012-0207

Ubuntu Security Notice USN-1355-3

3rd February, 2012

ubufox and webfav update

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

This update provides compatible ubufox and webfav packages for the latest Firefox.

Software description

• ubufox - Ubuntu Firefox specific configuration defaults and apt support
• webfav - Firefox extension for saving web favorites (bookmarks)

Details

USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated
ubufox and webfav packages for use with the latest Firefox.

Original advisory details:

It was discovered that if a user chose to export their Firefox Sync key
the "Firefox Recovery Key.html" file is saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)

Tim Abraldes discovered that when encoding certain images types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)

It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)

It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)

Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)

Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.10:

xul-ext-webfav 1.17-0ubuntu4.1

xul-ext-ubufox 0.9.3-0ubuntu0.10.10.3

Ubuntu 10.04 LTS:

xul-ext-webfav 1.17-0ubuntu3.1

xul-ext-ubufox 0.9.3-0ubuntu0.10.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 923319

Ubuntu Security Notice USN-1355-2

3rd February, 2012

mozvoikko update

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

This update provides compatible Mozvoikko packages for the latest Firefox.

Software description

• mozvoikko - Finnish spell-checker extension for Firefox

Details

USN-1355-1 fixed vulnerabilities in Firefox. This update provides an
updated Mozvoikko package for use with the latest Firefox.

Original advisory details:

It was discovered that if a user chose to export their Firefox Sync key
the "Firefox Recovery Key.html" file is saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)

Tim Abraldes discovered that when encoding certain images types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)

It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)

It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)

Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)

Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

xul-ext-mozvoikko 2.0.1-0ubuntu0.11.10.1

Ubuntu 11.04:

xul-ext-mozvoikko 2.0.1-0ubuntu0.11.04.1

Ubuntu 10.10:

xul-ext-mozvoikko 2.0.1-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:

xul-ext-mozvoikko 2.0.1-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 923319

Ubuntu Security Notice USN-1355-1

3rd February, 2012

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Firefox.

Software description

• firefox - Mozilla Open Source web browser

Details

It was discovered that if a user chose to export their Firefox Sync key
the "Firefox Recovery Key.html" file is saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)

Tim Abraldes discovered that when encoding certain images types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)

It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)

It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)

Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)

Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

firefox 10.0+build1-0ubuntu0.11.10.1

Ubuntu 11.04:

firefox 10.0+build1-0ubuntu0.11.04.1

Ubuntu 10.10:

firefox 10.0+build1-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:

firefox 10.0+build1-0ubuntu0.10.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450, LP: 923319

Ubuntu Security Notice USN-1354-1

1st February, 2012

usbmuxd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04

Summary

usbmuxd could be made to crash or run programs if it received specially crafted input.

Software description

• usbmuxd - USB multiplexor daemon for iPhone and iPod Touch devices

Details

It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libusbmuxd1 1.0.7-1ubuntu0.11.10.1

Ubuntu 11.04:

libusbmuxd1 1.0.7-1ubuntu0.11.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0065

Ubuntu Security Notice USN-1352-1

31st January, 2012

software-properties vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

Software Properties could be tricked into installing arbitrary PPA GPG keys.

Software description

• software-properties - manage the repositories that you install software from

Details

David Black discovered that Software Properties incorrectly validated
server certificates when performing secure connections to download PPA GPG
key fingerprints. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

python-software-properties 0.81.13.3

Ubuntu 11.04:

python-software-properties 0.80.9.1

Ubuntu 10.10:

python-software-properties 0.76.7.1

Ubuntu 10.04 LTS:

python-software-properties 0.75.10.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4407

Ubuntu Security Notice USN-1351-1

31st January, 2012

accountsservice vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

AccountsService could be made to overwrite files as the administrator.

Software description

• accountsservice - query and manipulate user account information

Details

Hayawardh Vijayakumar discovered that AccountsService incorrectly handled
privileges when modifying the language settings on Ubuntu. A local attacker
could exploit this issue to modify arbitrary files, and possibly create a
denial of service or obtain increased privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

accountsservice 0.6.14-1git1ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4406

Ubuntu Security Notice USN-1349-1

26th January, 2012

xorg vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

X could be made to start by a user who lacked appropriate permissions.

Software description

• xorg - X.Org X Window System

Details

It was discovered that the X wrapper incorrectly checked certain console
permissions when launched by unprivileged users. An attacker connected
remotely could use this flaw to start X, bypassing the console permissions
check.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

xserver-xorg 1:7.6+7ubuntu7.1

Ubuntu 11.04:

xserver-xorg 1:7.6+4ubuntu3.2

Ubuntu 10.10:

xserver-xorg 1:7.5+6ubuntu3.1

Ubuntu 10.04 LTS:

xserver-xorg 1:7.5+5ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4613

Ubuntu Security Notice USN-1348-1

26th January, 2012

icu vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

ICU could be made to crash or run programs as your login if it opened specially crafted data.

Software description

• icu - International Components for Unicode library

Details

It was discovered that ICU did not properly handle invalid locale data
during Unicode conversion. If an application using ICU processed crafted
data, an attacker could cause it to crash or potentially execute arbitrary
code with the privileges of the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libicu44 4.4.2-2ubuntu0.11.10.1

Ubuntu 11.04:

libicu44 4.4.2-2ubuntu0.11.04.1

Ubuntu 10.10:

libicu42 4.2.1-3ubuntu0.10.10.1

Ubuntu 10.04 LTS:

libicu42 4.2.1-3ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4599

Ubuntu Security Notice USN-1342-1

25th January, 2012

linux-lts-backport-oneiric vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

The system could be made to run programs as an administrator.

Software description

• linux-lts-backport-oneiric - Linux kernel backport from Oneiric

Details

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-3.0.0-15-server 3.0.0-15.26~lucid1

linux-image-3.0.0-15-generic 3.0.0-15.26~lucid1

linux-image-3.0.0-15-virtual 3.0.0-15.26~lucid1

linux-image-3.0.0-15-generic-pae 3.0.0-15.26~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0056

Ubuntu Security Notice USN-1347-1

25th January, 2012

evince vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

Evince could be made to crash or run programs as your login if it opened a specially crafted file.

Software description

• evince - Document viewer

Details

It was discovered that Evince did not properly parse AFM font files when
processing DVI files. If a user were tricked into opening a specially
crafted DVI file, an attacker could cause Evince to crash or potentially
execute arbitrary code with the privileges of the user invoking the
program.

In the default installation, attackers would be isolated by the Evince
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

libevdocument3 2.32.0-0ubuntu12.4

Ubuntu 10.10:

libevdocument3 2.32.0-0ubuntu1.2

Ubuntu 10.04 LTS:

libevdocument2 2.30.3-0ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-0433

Ubuntu Security Notice USN-1263-2

24th January, 2012

openjdk-6, openjdk-6b18 regression

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

USN-1263-1 caused a regression when using OpenJDK 6's SSL/TLS implementation.

Software description

• openjdk-6 - Open Source Java implementation
• openjdk-6b18 - Open Source Java implementation

Details

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for
the chosen plaintext attack on the block-wise AES encryption algorithm
(CVE-2011-3389) introduced a regression that caused TLS/SSL connections
to fail when using certain algorithms. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)
implementation in the IcedTea web browser plugin. This could allow a
remote attacker to open connections to certain hosts that should
not be permitted. (CVE-2011-3377)

Juliano Rizzo and Thai Duong discovered that the block-wise AES
encryption algorithm block-wise as used in TLS/SSL was vulnerable to
a chosen-plaintext attack. This could allow a remote attacker to view
confidential data. (CVE-2011-3389)

It was discovered that a type confusion flaw existed in the in
the Internet Inter-Orb Protocol (IIOP) deserialization code. A
remote attacker could use this to cause an untrusted application
or applet to execute arbitrary code by deserializing malicious
input. (CVE-2011-3521)

It was discovered that the Java scripting engine did not perform
SecurityManager checks. This could allow a remote attacker to cause
an untrusted application or applet to execute arbitrary code with
the full privileges of the JVM. (CVE-2011-3544)

It was discovered that the InputStream class used a global buffer to
store input bytes skipped. An attacker could possibly use this to gain
access to sensitive information. (CVE-2011-3547)

It was discovered that a vulnerability existed in the AWTKeyStroke
class. A remote attacker could cause an untrusted application or applet
to execute arbitrary code. (CVE-2011-3548)

It was discovered that an integer overflow vulnerability existed
in the TransformHelper class in the Java2D implementation. A remote
attacker could use this cause a denial of service via an application
or applet crash or possibly execute arbitrary code. (CVE-2011-3551)

It was discovered that the default number of available UDP sockets for
applications running under SecurityManager restrictions was set too
high. A remote attacker could use this with a malicious application or
applet exhaust the number of available UDP sockets to cause a denial
of service for other applets or applications running within the same
JVM. (CVE-2011-3552)

It was discovered that Java API for XML Web Services (JAX-WS) could
incorrectly expose a stack trace. A remote attacker could potentially
use this to gain access to sensitive information. (CVE-2011-3553)

It was discovered that the unpacker for pack200 JAR files did not
sufficiently check for errors. An attacker could cause a denial of
service or possibly execute arbitrary code through a specially crafted
pack200 JAR file. (CVE-2011-3554)

It was discovered that the RMI registration implementation did not
properly restrict privileges of remotely executed code. A remote
attacker could use this to execute code with elevated privileges.
(CVE-2011-3556, CVE-2011-3557)

It was discovered that the HotSpot VM could be made to crash, allowing
an attacker to cause a denial of service or possibly leak sensitive
information. (CVE-2011-3558)

It was discovered that the HttpsURLConnection class did not
properly perform SecurityManager checks in certain situations. This
could allow a remote attacker to bypass restrictions on HTTPS
connections. (CVE-2011-3560)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10.1

icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre 6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10.1

Ubuntu 11.04:

icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.2

icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.2

Ubuntu 10.10:

openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.3

openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.3

icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.3

openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.3

openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.3

Ubuntu 10.04 LTS:

openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.3

openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.3

icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.3

openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.3

openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java applications
or applets to make all the necessary changes.

References

LP: 891761

Ubuntu Security Notice USN-1346-1

24th January, 2012

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10

Summary

curl could be tricked into injecting arbitrary data if it handled a malicious URL.

Software description

• curl - HTTP, HTTPS, and FTP client and client libraries

Details

Dan Fandrich discovered that curl incorrectly handled URLs containing
embedded or percent-encoded control characters. If a user or automated
system were tricked into processing a specially crafted URL, arbitrary
data could be injected.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libcurl3-nss 7.21.6-3ubuntu3.2

libcurl3-gnutls 7.21.6-3ubuntu3.2

libcurl3 7.21.6-3ubuntu3.2

Ubuntu 11.04:

libcurl3-nss 7.21.3-1ubuntu1.5

libcurl3-gnutls 7.21.3-1ubuntu1.5

libcurl3 7.21.3-1ubuntu1.5

Ubuntu 10.10:

libcurl3-gnutls 7.21.0-1ubuntu1.3

libcurl3 7.21.0-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0036

Ubuntu Security Notice USN-1345-1

24th January, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

Peter Huewe discovered an information leak in the handling of reading
security-related TPM data. A local, unprivileged user could read the
results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

linux-image-2.6.38-13-powerpc 2.6.38-13.54

linux-image-2.6.38-13-powerpc64-smp 2.6.38-13.54

linux-image-2.6.38-13-generic-pae 2.6.38-13.54

linux-image-2.6.38-13-versatile 2.6.38-13.54

linux-image-2.6.38-13-generic 2.6.38-13.54

linux-image-2.6.38-13-virtual 2.6.38-13.54

linux-image-2.6.38-13-server 2.6.38-13.54

linux-image-2.6.38-13-omap 2.6.38-13.54

linux-image-2.6.38-13-powerpc-smp 2.6.38-13.54

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-1162, CVE-2011-2203, CVE-2011-4110

Ubuntu Security Notice USN-1344-1

24th January, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-38-powerpc 2.6.32-38.83

linux-image-2.6.32-38-386 2.6.32-38.83

linux-image-2.6.32-38-sparc64 2.6.32-38.83

linux-image-2.6.32-38-generic-pae 2.6.32-38.83

linux-image-2.6.32-38-preempt 2.6.32-38.83

linux-image-2.6.32-38-lpia 2.6.32-38.83

linux-image-2.6.32-38-sparc64-smp 2.6.32-38.83

linux-image-2.6.32-38-powerpc64-smp 2.6.32-38.83

linux-image-2.6.32-38-versatile 2.6.32-38.83

linux-image-2.6.32-38-generic 2.6.32-38.83

linux-image-2.6.32-38-virtual 2.6.32-38.83

linux-image-2.6.32-38-server 2.6.32-38.83

linux-image-2.6.32-38-powerpc-smp 2.6.32-38.83

linux-image-2.6.32-38-ia64 2.6.32-38.83

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-2203, CVE-2011-4110

Ubuntu Security Notice USN-1343-1

24th January, 2012

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

Several security issues were fixed in Thunderbird.

Software description

• thunderbird - Mozilla Open Source mail and newsgroup client

Details

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler,
David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia
Knous, and Rober Longson discovered several memory safety issues which
could possibly be exploited to crash Thunderbird or execute arbitrary code
as the user that invoked Thunderbird. (CVE-2011-3660)

Aki Helin discovered a crash in the YARR regular expression library that
could be triggered by javascript in web content. (CVE-2011-3661)

It was discovered that a flaw in the Mozilla SVG implementation could
result in an out-of-bounds memory access if SVG elements were removed
during a DOMAttrModified event handler. An attacker could potentially
exploit this vulnerability to crash Thunderbird. (CVE-2011-3658)

Mario Heiderich discovered it was possible to use SVG animation accessKey
events to detect key strokes even when JavaScript was disabled. A malicious
web page could potentially exploit this to trick a user into interacting
with a prompt thinking it came from Thunderbird in a context where the user
believed scripting was disabled. (CVE-2011-3663)

It was discovered that it was possible to crash Thunderbird when scaling an
OGG <video> element to extreme sizes. (CVE-2011-3665)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

thunderbird 9.0+build2-0ubuntu0.11.10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665, LP: 909599

Ubuntu Security Notice USN-1339-1

23rd January, 2012

qemu-kvm vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

A remote attacker could cause QEMU to crash.

Software description

• qemu-kvm - Machine emulator and virtualizer

Details

Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode
packets in the e1000 network driver. A remote attacker could exploit this
to cause a denial of service or possibly execute code with the privileges
of the user invoking the program.

When using QEMU with libvirt or virtualization management software based on
libvirt such as Eucalyptus and OpenStack, QEMU guests are individually
isolated by an AppArmor profile by default in Ubuntu.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

qemu-kvm 0.14.1+noroms-0ubuntu6.2

Ubuntu 11.04:

qemu-kvm 0.14.0+noroms-0ubuntu4.5

Ubuntu 10.10:

qemu-kvm 0.12.5+noroms-0ubuntu7.11

qemu-kvm-extras 0.12.5+noroms-0ubuntu7.11

qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.11

Ubuntu 10.04 LTS:

qemu-kvm 0.12.3+noroms-0ubuntu9.17

qemu-kvm-extras 0.12.3+noroms-0ubuntu9.17

qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart running virtual machines
which use the e1000 network driver to make all the necessary changes.

References

CVE-2012-0029

Ubuntu Security Notice USN-1341-1

23rd January, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

Peter Huewe discovered an information leak in the handling of reading
security-related TPM data. A local, unprivileged user could read the
results of a previous TPM command. (CVE-2011-1162)

Dan Rosenberg reported an error in the old ABI compatibility layer of ARM
kernels. A local attacker could exploit this flaw to cause a denial of
service or gain root privileges. (CVE-2011-1759)

Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM
partitions. A local user could exploit this to cause a denial of service or
escalate privileges. (CVE-2011-2182)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.10:

linux-image-2.6.35-32-powerpc64-smp 2.6.35-32.64

linux-image-2.6.35-32-generic-pae 2.6.35-32.64

linux-image-2.6.35-32-versatile 2.6.35-32.64

linux-image-2.6.35-32-generic 2.6.35-32.64

linux-image-2.6.35-32-virtual 2.6.35-32.64

linux-image-2.6.35-32-powerpc-smp 2.6.35-32.64

linux-image-2.6.35-32-powerpc 2.6.35-32.64

linux-image-2.6.35-32-server 2.6.35-32.64

linux-image-2.6.35-32-omap 2.6.35-32.64

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-1162, CVE-2011-1759, CVE-2011-2182, CVE-2011-2203, CVE-2011-4110

Ubuntu Security Notice USN-1340-1

23rd January, 2012

linux-lts-backport-oneiric vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-oneiric - Linux kernel backport from Oneiric

Details

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A bug was discovered in the XFS filesystem's handling of pathnames. A local
attacker could exploit this to crash the system, leading to a denial of
service, or gain root privileges. (CVE-2011-4077)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

A flaw was found in the Journaling Block Device (JBD). A local attacker
able to mount ext3 or ext4 file systems could exploit this to crash the
system, leading to a denial of service. (CVE-2011-4132)

Clement Lecigne discovered a bug in the HFS file system bounds checking.
When a malformed HFS file system is mounted a local user could crash the
system or gain root privileges. (CVE-2011-4330)

Chen Haogang discovered an integer overflow that could result in memory
corruption. A local unprivileged user could use this to crash the system.
(CVE-2012-0044)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-3.0.0-15-server 3.0.0-15.25~lucid1

linux-image-3.0.0-15-generic 3.0.0-15.25~lucid1

linux-image-3.0.0-15-virtual 3.0.0-15.25~lucid1

linux-image-3.0.0-15-generic-pae 3.0.0-15.25~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-2203, CVE-2011-4077, CVE-2011-4110, CVE-2011-4132, CVE-2011-4330, CVE-2012-0044

Ubuntu Security Notice USN-1338-1

23rd January, 2012

rsyslog vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Rsyslog could be made to crash if it processed a specially crafted log message.

Software description

• rsyslog - Enhanced syslogd

Details

Peter Eisentraut discovered that Rsyslog would not properly perform input
validation when configured to use imfile. If an attacker were able to
craft messages in a file that Rsyslog monitored, an attacker could cause a
denial of service. The imfile module is disabled by default in Ubuntu.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

rsyslog 4.6.4-2ubuntu4.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4623