Ubuntu Security Notice USN-1454-1

25th May, 2012

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 8.04 LTS

Summary

The system could be made to crash or become unresponsive under certain conditions.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.04 LTS:

linux-image-2.6.24-31-powerpc 2.6.24-31.101

linux-image-2.6.24-31-sparc64 2.6.24-31.101

linux-image-2.6.24-31-virtual 2.6.24-31.101

linux-image-2.6.24-31-server 2.6.24-31.101

linux-image-2.6.24-31-hppa32 2.6.24-31.101

linux-image-2.6.24-31-lpiacompat 2.6.24-31.101

linux-image-2.6.24-31-rt 2.6.24-31.101

linux-image-2.6.24-31-powerpc-smp 2.6.24-31.101

linux-image-2.6.24-31-generic 2.6.24-31.101

linux-image-2.6.24-31-hppa64 2.6.24-31.101

linux-image-2.6.24-31-powerpc64-smp 2.6.24-31.101

linux-image-2.6.24-31-mckinley 2.6.24-31.101

linux-image-2.6.24-31-lpia 2.6.24-31.101

linux-image-2.6.24-31-itanium 2.6.24-31.101

linux-image-2.6.24-31-openvz 2.6.24-31.101

linux-image-2.6.24-31-386 2.6.24-31.101

linux-image-2.6.24-31-sparc64-smp 2.6.24-31.101

linux-image-2.6.24-31-xen 2.6.24-31.101

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4086

Ubuntu Security Notice USN-1453-1

25th May, 2012

linux-ec2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-ec2 - Linux kernel for EC2

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual
cpu setup. An unprivileged local user could exploit this flaw to crash the
system leading to a denial of service. (CVE-2012-1601)

Steve Grubb reported a flaw with Linux fscaps (file system base
capabilities) when used to increase the permissions of a process. For
application on which fscaps are in use a local attacker can disable address
space randomization to make attacking the process with raised privileges
easier. (CVE-2012-2123)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-345-ec2 2.6.32-345.48

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4086, CVE-2012-1601, CVE-2012-2123

Ubuntu Security Notice USN-1452-1

25th May, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual
cpu setup. An unprivileged local user could exploit this flaw to crash the
system leading to a denial of service. (CVE-2012-1601)

Steve Grubb reported a flaw with Linux fscaps (file system base
capabilities) when used to increase the permissions of a process. For
application on which fscaps are in use a local attacker can disable address
space randomization to make attacking the process with raised privileges
easier. (CVE-2012-2123)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

linux-image-3.0.0-20-generic-pae 3.0.0-20.34

linux-image-3.0.0-20-powerpc 3.0.0-20.34

linux-image-3.0.0-20-server 3.0.0-20.34

linux-image-3.0.0-20-omap 3.0.0-20.34

linux-image-3.0.0-20-generic 3.0.0-20.34

linux-image-3.0.0-20-powerpc-smp 3.0.0-20.34

linux-image-3.0.0-20-powerpc64-smp 3.0.0-20.34

linux-image-3.0.0-20-virtual 3.0.0-20.34

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2012-1601, CVE-2012-2123

Ubuntu Security Notice USN-1451-1

24th May, 2012

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Applications using OpenSSL in certain situations could be made to crash or expose sensitive information.

Software description

• openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

Ivan Nestlerode discovered that the Cryptographic Message Syntax
(CMS) and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive
information via a Million Message Attack (MMA). (CVE-2012-0884)

It was discovered that an integer underflow was possible when using
TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a
remote attacker to cause a denial of service. (CVE-2012-2333)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

libssl1.0.0 1.0.1-4ubuntu5.2

openssl 1.0.1-4ubuntu5.2

Ubuntu 11.10:

libssl1.0.0 1.0.0e-2ubuntu4.6

openssl 1.0.0e-2ubuntu4.6

Ubuntu 11.04:

libssl0.9.8 0.9.8o-5ubuntu1.7

openssl 0.9.8o-5ubuntu1.7

Ubuntu 10.04 LTS:

libssl0.9.8 0.9.8k-7ubuntu8.13

openssl 0.9.8k-7ubuntu8.13

Ubuntu 8.04 LTS:

libssl0.9.8 0.9.8g-4ubuntu3.19

openssl 0.9.8g-4ubuntu3.19

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0884, CVE-2012-2333

Ubuntu Security Notice USN-1450-1

23rd May, 2012

net-snmp vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Net-SNMP could be made to crash if it received specially crafted network traffic.

Software description

• net-snmp - SNMP (Simple Network Management Protocol) server and applications

Details

It was discovered that Net-SNMP incorrectly performed entry lookups in the
extension table. A remote attacker could send a specially crafted request
and cause the SNMP server to crash, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

libsnmp15 5.4.3~dfsg-2.4ubuntu1.1

Ubuntu 11.10:

libsnmp15 5.4.3~dfsg-2.2ubuntu1.1

Ubuntu 11.04:

libsnmp15 5.4.3~dfsg-2ubuntu1.1

Ubuntu 10.04 LTS:

libsnmp15 5.4.2.1~dfsg0ubuntu1-0ubuntu2.2

Ubuntu 8.04 LTS:

libsnmp15 5.4.1~dfsg-4ubuntu4.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2141

Ubuntu Security Notice USN-1449-1

22nd May, 2012

feedparser vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS

Summary

Applications using feedparser could be made to crash if they fetched a specially crafted feed.

Software description

• feedparser - Universal Feed Parser for Python

Details

It was discovered that feedparser did not properly sanitize ENTITY
declarations in encoded fields. A remote attacker could exploit this to
cause a denial of service via memory exhaustion.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

python3-feedparser 5.1-0ubuntu3.1

python-feedparser 5.1-0ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2921

Ubuntu Security Notice USN-1448-1

21st May, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual
cpu setup. An unprivileged local user could exploit this flaw to crash the
system leading to a denial of service. (CVE-2012-1601)

Steve Grubb reported a flaw with Linux fscaps (file system base
capabilities) when used to increase the permissions of a process. For
application on which fscaps are in use a local attacker can disable address
space randomization to make attacking the process with raised privileges
easier. (CVE-2012-2123)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

linux-image-3.2.0-24-generic-pae 3.2.0-24.38

linux-image-3.2.0-24-powerpc64-smp 3.2.0-24.38

linux-image-3.2.0-24-generic 3.2.0-24.38

linux-image-3.2.0-24-virtual 3.2.0-24.38

linux-image-3.2.0-24-omap 3.2.0-24.38

linux-image-3.2.0-24-powerpc-smp 3.2.0-24.38

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2012-1601, CVE-2012-2123

Ubuntu Security Notice USN-1447-1

21st May, 2012

libxml2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file.

Software description

• libxml2 - GNOME XML library

Details

Juri Aedla discovered that libxml2 contained an off by one error in its
XPointer functionality. If a user or application linked against libxml2
were tricked into opening a specially crafted XML file, an attacker could
cause the application to crash or possibly execute arbitrary code with the
privileges of the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

libxml2 2.7.8.dfsg-5.1ubuntu4.1

Ubuntu 11.10:

libxml2 2.7.8.dfsg-4ubuntu0.3

Ubuntu 11.04:

libxml2 2.7.8.dfsg-2ubuntu0.4

Ubuntu 10.04 LTS:

libxml2 2.7.6.dfsg-1ubuntu1.5

Ubuntu 8.04 LTS:

libxml2 2.6.31.dfsg-2ubuntu1.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-3102

Ubuntu Security Notice USN-1446-1

17th May, 2012

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux-ti-omap4 - Linux kernel for OMAP4

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's handling of paged memory. A local
unprivileged user, or a privileged user within a KVM guest, could exploit
this flaw to crash the system. (CVE-2012-1179)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

linux-image-3.0.0-1209-omap4 3.0.0-1209.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179

Ubuntu Security Notice USN-1445-1

17th May, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual
cpu setup. An unprivileged local user could exploit this flaw to crash the
system leading to a denial of service. (CVE-2012-1601)

Steve Grubb reported a flaw with Linux fscaps (file system base
capabilities) when used to increase the permissions of a process. For
application on which fscaps are in use a local attacker can disable address
space randomization to make attacking the process with raised privileges
easier. (CVE-2012-2123)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-41-server 2.6.32-41.89

linux-image-2.6.32-41-lpia 2.6.32-41.89

linux-image-2.6.32-41-ia64 2.6.32-41.89

linux-image-2.6.32-41-generic-pae 2.6.32-41.89

linux-image-2.6.32-41-virtual 2.6.32-41.89

linux-image-2.6.32-41-386 2.6.32-41.89

linux-image-2.6.32-41-powerpc 2.6.32-41.89

linux-image-2.6.32-41-sparc64 2.6.32-41.89

linux-image-2.6.32-41-sparc64-smp 2.6.32-41.89

linux-image-2.6.32-41-powerpc-smp 2.6.32-41.89

linux-image-2.6.32-41-preempt 2.6.32-41.89

linux-image-2.6.32-41-powerpc64-smp 2.6.32-41.89

linux-image-2.6.32-41-versatile 2.6.32-41.89

linux-image-2.6.32-41-generic 2.6.32-41.89

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4086, CVE-2012-1601, CVE-2012-2123

Ubuntu Security Notice USN-1444-1

17th May, 2012

backuppc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

BackupPC could be made to expose sensitive information over the network.

Software description

• backuppc - high-performance, enterprise-grade system for backing up PCs

Details

It was discovered that BackupPC did not properly sanitize its input when
processing RestoreFile error messages, resulting in a cross-site
scripting (XSS) vulnerability. With cross-site scripting vulnerabilities,
if a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data, within the same domain.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

backuppc 3.2.1-2ubuntu1.1

Ubuntu 11.10:

backuppc 3.2.1-1ubuntu1.2

Ubuntu 11.04:

backuppc 3.2.0-3ubuntu4.3

Ubuntu 10.04 LTS:

backuppc 3.1.0-9ubuntu1.3

Ubuntu 8.04 LTS:

backuppc 3.0.0-4ubuntu1.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-5081

Ubuntu Security Notice USN-1443-1

17th May, 2012

update-manager vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04

Summary

Update Manager could expose sensitive information in certain circumstances.

Software description

• update-manager - GNOME application that manages apt updates

Details

It was discovered that Update Manager created system state archive files
with incorrect permissions when upgrading releases. A local user could
possibly use this to read repository credentials. (CVE-2012-0948)

Felix Geyer discovered that the Update Manager Apport hook incorrectly
uploaded certain system state archive files to Launchpad when reporting
bugs. This could possibly result in repository credentials being included
in public bug reports. (CVE-2012-0949)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

update-manager-core 1:0.156.14.4

Ubuntu 11.10:

update-manager-core 1:0.152.25.11

Ubuntu 11.04:

update-manager-core 1:0.150.5.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0948, CVE-2012-0949

Ubuntu Security Notice USN-1442-1

16th May, 2012

sudo vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Sudo could allow users to run arbitrary programs as the administrator.

Software description

• sudo - Provide limited super user privileges to specific users

Details

It was discovered that sudo incorrectly handled network masks when using Host
and Host_List. A local user who is listed in sudoers may be allowed to run
commands on unintended hosts when IPv4 network masks are used to grant access.
A local attacker could exploit this to bypass intended access restrictions. Host
and Host_List are not used in the default installation of Ubuntu.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

sudo-ldap 1.8.3p1-1ubuntu3.2

sudo 1.8.3p1-1ubuntu3.2

Ubuntu 11.10:

sudo-ldap 1.7.4p6-1ubuntu2.1

sudo 1.7.4p6-1ubuntu2.1

Ubuntu 11.04:

sudo-ldap 1.7.4p4-5ubuntu7.2

sudo 1.7.4p4-5ubuntu7.2

Ubuntu 10.04 LTS:

sudo-ldap 1.7.2p1-1ubuntu5.4

sudo 1.7.2p1-1ubuntu5.4

Ubuntu 8.04 LTS:

sudo-ldap 1.6.9p10-1ubuntu3.9

sudo 1.6.9p10-1ubuntu3.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2337

Ubuntu Security Notice USN-1441-1

15th May, 2012

quagga vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Quagga could be made to crash if it received specially crafted network traffic.

Software description

• quagga - BGP/OSPF/RIP routing daemon

Details

It was discovered that Quagga incorrectly handled Link State Update
messages with invalid lengths. A remote attacker could use this flaw to
cause Quagga to crash, resulting in a denial of service. (CVE-2012-0249,
CVE-2012-0250)

It was discovered that Quagga incorrectly handled messages with a malformed
Four-octet AS Number Capability. A remote attacker could use this flaw to
cause Quagga to crash, resulting in a denial of service. (CVE-2012-0255)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

quagga 0.99.20.1-0ubuntu0.12.04.2

Ubuntu 11.10:

quagga 0.99.20.1-0ubuntu0.11.10.2

Ubuntu 11.04:

quagga 0.99.20.1-0ubuntu0.11.04.2

Ubuntu 10.04 LTS:

quagga 0.99.20.1-0ubuntu0.10.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Quagga to make
all the necessary changes.

References

CVE-2012-0249, CVE-2012-0250, CVE-2012-0255

Ubuntu Security Notice USN-1440-1

8th May, 2012

linux-lts-backport-natty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-natty - Linux kernel backport from Natty

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's ext4 file system when mounting a
corrupt filesystem. A user-assisted remote attacker could exploit this flaw
to cause a denial of service. (CVE-2012-2100)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.38-15-generic 2.6.38-15.59~lucid1

linux-image-2.6.38-15-virtual 2.6.38-15.59~lucid1

linux-image-2.6.38-15-generic-pae 2.6.38-15.59~lucid1

linux-image-2.6.38-15-server 2.6.38-15.59~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100

Ubuntu Security Notice USN-1432-1

8th May, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

A flaw was found in the Linux kernel's ext4 file system when mounting a
corrupt filesystem. A user-assisted remote attacker could exploit this flaw
to cause a denial of service. (CVE-2012-2100)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

linux-image-2.6.38-15-powerpc 2.6.38-15.59

linux-image-2.6.38-15-omap 2.6.38-15.59

linux-image-2.6.38-15-generic-pae 2.6.38-15.59

linux-image-2.6.38-15-server 2.6.38-15.59

linux-image-2.6.38-15-powerpc64-smp 2.6.38-15.59

linux-image-2.6.38-15-virtual 2.6.38-15.59

linux-image-2.6.38-15-versatile 2.6.38-15.59

linux-image-2.6.38-15-generic 2.6.38-15.59

linux-image-2.6.38-15-powerpc-smp 2.6.38-15.59

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2012-1090, CVE-2012-2100

Ubuntu Security Notice USN-1439-1

7th May, 2012

horizon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS

Summary

Horizon could be made to expose sensitive information over the network.

Software description

• horizon - Web interface for OpenStack cloud infrastructure

Details

Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability
in Horizon via the log viewer refrash mechanism. If a user were tricked
into viewing a specially crafted log message, a remote attacker could
exploit this to modify the contents or steal confidential data within the
same domain. (CVE-2012-2094)

Thomas Biege discovered a session fixation vulnerability in Horizon. An
attacker could exploit this to potentially allow access to unauthorized
information and capabilities. (CVE-2012-2144)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

python-django-horizon 2012.1-0ubuntu8.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2094, CVE-2012-2144

Ubuntu Security Notice USN-1437-1

4th May, 2012

php5 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server.

Software description

• php5 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP, when used as a stand alone CGI processor
for the Apache Web Server, did not properly parse and filter query
strings. This could allow a remote attacker to execute arbitrary code
running with the privilege of the web server. Configurations using
mod_php5 and FastCGI were not vulnerable.

This update addresses the issue when the PHP CGI interpreter
is configured using mod_cgi and mod_actions as described in
/usr/share/doc/php5-cgi/README.Debian.gz; however, if an alternate
configuration is used to enable PHP CGI processing, it should be
reviewed to ensure that command line arguments cannot be passed to
the PHP interpreter. Please see CVE-2012-2311 for more details and
potential mitigation approaches.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

php5-cgi 5.3.10-1ubuntu3.1

Ubuntu 11.10:

php5-cgi 5.3.6-13ubuntu3.7

Ubuntu 11.04:

php5-cgi 5.3.5-1ubuntu7.8

Ubuntu 10.04 LTS:

php5-cgi 5.3.2-1ubuntu4.15

Ubuntu 8.04 LTS:

php5-cgi 5.2.4-2ubuntu5.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1823, CVE-2012-2311

Ubuntu Security Notice USN-1430-3

4th May, 2012

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

• thunderbird - Mozilla Open Source mail and newsgroup client

Details

USN-1430-1 fixed vulnerabilities in Firefox. This update provides the
corresponding fixes for Thunderbird.

Original advisory details:

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 websites. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection is
possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
(CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2011-3062)

Daniel Divricean discovered a defect in the error handling of JavaScript
errors can potentially leak the file names and location of JavaScript files
on a server. This could potentially lead to inadvertent information
disclosure and a vector for further attacks. (CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox handled
RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused
the location bar to be updated with the address of this content, while the
main window still displays the previously loaded content. An attacker could
potentially exploit this vulnerability to conduct phishing attacks.
(CVE-2012-0479)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

thunderbird 12.0.1+build1-0ubuntu0.12.04.1

Ubuntu 11.10:

thunderbird 12.0.1+build1-0ubuntu0.11.10.1

Ubuntu 11.04:

thunderbird 12.0.1+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:

thunderbird 12.0.1+build1-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2011-1187, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479, LP: 987305

Ubuntu Security Notice USN-1438-1

3rd May, 2012

nova vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10

Summary

Nova could be made to crash the system under certain conditions.

Software description

• nova - OpenStack Compute cloud infrastructure

Details

Dan Prince discovered that Nova did not enforce quotas for security groups
and rules added to security groups. An authenticated user could exploit
this to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

python-nova 2012.1-0ubuntu2.1

Ubuntu 11.10:

python-nova 2011.3-0ubuntu6.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2101

Ubuntu Security Notice USN-1436-1

2nd May, 2012

libtasn1-3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Libtasn1 could be made to crash or run programs as your login if it received specially crafted input.

Software description

• libtasn1-3 - Library to manage ASN.1 structures

Details

Matthew Hall discovered that Libtasn1 incorrectly handled certain large
values. An attacker could exploit this with a specially crafted ASN.1
structure and cause a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

libtasn1-3 2.10-1ubuntu1.1

Ubuntu 11.10:

libtasn1-3 2.9-4ubuntu0.1

Ubuntu 11.04:

libtasn1-3 2.7-1ubuntu1.1

Ubuntu 10.04 LTS:

libtasn1-3 2.4-1ubuntu0.1

Ubuntu 8.04 LTS:

libtasn1-3 1.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1569

Ubuntu Security Notice USN-1435-1

1st May, 2012

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file.

Software description

• imagemagick - Image manipulation programs and library

Details

Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick
incorrectly handled certain ResolutionUnit tags. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service or
possibly execute code with the privileges of the user invoking the program.
(CVE-2012-0247, CVE-2012-1185)

Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick
incorrectly handled certain IFD structures. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service.
(CVE-2012-0248, CVE-2012-1186)

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that
ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or
automated system using ImageMagick were tricked into opening a specially
crafted image, an attacker could exploit this to cause a denial of service.
(CVE-2012-0259)

It was discovered that ImageMagick incorrectly handled certain JPEG EXIF
tags. If a user or automated system using ImageMagick were tricked into
opening a specially crafted image, an attacker could exploit this to cause
a denial of service or possibly execute code with the privileges of the
user invoking the program. (CVE-2012-1610)

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that
ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or
automated system using ImageMagick were tricked into opening a specially
crafted image, an attacker could exploit this to cause a denial of service
or possibly execute code with the privileges of the user invoking the
program. (CVE-2012-1798)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

libmagick++4 8:6.6.9.7-5ubuntu3.1

imagemagick 8:6.6.9.7-5ubuntu3.1

Ubuntu 11.10:

imagemagick 8:6.6.0.4-3ubuntu1.1

libmagick++3 8:6.6.0.4-3ubuntu1.1

Ubuntu 11.04:

imagemagick 7:6.6.2.6-1ubuntu4.1

libmagick++3 7:6.6.2.6-1ubuntu4.1

Ubuntu 10.04 LTS:

imagemagick 7:6.5.7.8-1ubuntu1.2

libmagick++2 7:6.5.7.8-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0247, CVE-2012-0248, CVE-2012-0259, CVE-2012-1185, CVE-2012-1186, CVE-2012-1610, CVE-2012-1798

Ubuntu Security Notice USN-1434-1

1st May, 2012

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Samba could allow a user to gain administrative privileges to the Samba server.

Software description

• samba - SMB/CIFS file, print, and login server for Unix

Details

Ivano Cristofolini discovered that Samba incorrectly handled some Local
Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated
attacker could exploit this to grant administrative privileges to arbitrary
users. The administrative privileges could be used to bypass permission checks
performed by the Samba server.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

samba 2:3.6.3-2ubuntu2.1

Ubuntu 11.10:

samba 2:3.5.11~dfsg-1ubuntu2.3

Ubuntu 11.04:

samba 2:3.5.8~dfsg-1ubuntu2.5

Ubuntu 10.04 LTS:

samba 2:3.4.7~dfsg-1ubuntu3.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you may need to review the privileges of Samba
user accounts.

References

CVE-2012-2111

Ubuntu Security Notice USN-1433-1

1st May, 2012

linux-lts-backport-oneiric vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-oneiric - Linux kernel backport from Oneiric

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's handling of paged memory. A local
unprivileged user, or a privileged user within a KVM guest, could exploit
this flaw to crash the system. (CVE-2012-1179)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-3.0.0-19-generic-pae 3.0.0-19.33~lucid1

linux-image-3.0.0-19-server 3.0.0-19.33~lucid1

linux-image-3.0.0-19-generic 3.0.0-19.33~lucid1

linux-image-3.0.0-19-virtual 3.0.0-19.33~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179

Ubuntu Security Notice USN-1431-1

30th April, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's handling of paged memory. A local
unprivileged user, or a privileged user within a KVM guest, could exploit
this flaw to crash the system. (CVE-2012-1179)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

linux-image-3.0.0-19-generic-pae 3.0.0-19.33

linux-image-3.0.0-19-powerpc 3.0.0-19.33

linux-image-3.0.0-19-server 3.0.0-19.33

linux-image-3.0.0-19-omap 3.0.0-19.33

linux-image-3.0.0-19-generic 3.0.0-19.33

linux-image-3.0.0-19-powerpc-smp 3.0.0-19.33

linux-image-3.0.0-19-powerpc64-smp 3.0.0-19.33

linux-image-3.0.0-19-virtual 3.0.0-19.33

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179

Ubuntu Security Notice USN-1430-2

27th April, 2012

ubufox update

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

This update provides compatible ubufox packages for the latest Firefox.

Software description

• ubufox - Ubuntu Firefox specific configuration defaults and apt support

Details

USN-1430-1 fixed vulnerabilities in Firefox. This update provides an
updated ubufox package for use with the latest Firefox.

Original advisory details:

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 websites. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection is
possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
(CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2011-3062)

Daniel Divricean discovered a defect in the error handling of JavaScript
errors can potentially leak the file names and location of JavaScript files
on a server. This could potentially lead to inadvertent information
disclosure and a vector for further attacks. (CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox handled
RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused
the location bar to be updated with the address of this content, while the
main window still displays the previously loaded content. An attacker could
potentially exploit this vulnerability to conduct phishing attacks.
(CVE-2012-0479)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

xul-ext-ubufox 1.0.4-0ubuntu1

Ubuntu 11.04:

xul-ext-ubufox 0.9.5-0ubuntu1

Ubuntu 10.04 LTS:

xul-ext-ubufox 0.9.5-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 987262

Ubuntu Security Notice USN-1430-1

27th April, 2012

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Firefox.

Software description

• firefox - Mozilla Open Source web browser

Details

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 websites. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection is
possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
(CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2011-3062)

Daniel Divricean discovered a defect in the error handling of JavaScript
errors can potentially leak the file names and location of JavaScript files
on a server. This could potentially lead to inadvertent information
disclosure and a vector for further attacks. (CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox handled
RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused
the location bar to be updated with the address of this content, while the
main window still displays the previously loaded content. An attacker could
potentially exploit this vulnerability to conduct phishing attacks.
(CVE-2012-0479)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

firefox 12.0+build1-0ubuntu0.12.04.1

Ubuntu 11.10:

firefox 12.0+build1-0ubuntu0.11.10.1

Ubuntu 11.04:

firefox 12.0+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:

firefox 12.0+build1-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2011-1187, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479, LP: 987262

Ubuntu Security Notice USN-1429-1

26th April, 2012

jetty vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Jetty could be made to hang or crash if it received specially crafted network traffic.

Software description

• jetty - Java servlet engine and webserver

Details

It was discovered that Jetty computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

libjetty-java 6.1.24-6ubuntu0.11.04.1

Ubuntu 10.04 LTS:

libjetty-java 6.1.22-1ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4461

Ubuntu Security Notice USN-1428-1

24th April, 2012

openssl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.

Software description

• openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL
0.9.8. A remote attacker could trigger this flaw in services that used SSL
to cause a denial of service or possibly execute arbitrary code with
application privileges. Ubuntu 11.10 was not affected by this issue.
(CVE-2012-2131)

The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean()
to sometimes return the wrong error condition. This update fixes the
problem.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libssl1.0.0 1.0.0e-2ubuntu4.5

Ubuntu 11.04:

libssl0.9.8 0.9.8o-5ubuntu1.5

Ubuntu 10.04 LTS:

libssl0.9.8 0.9.8k-7ubuntu8.11

Ubuntu 8.04 LTS:

libssl0.9.8 0.9.8g-4ubuntu3.18

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-2131

Ubuntu Security Notice USN-1427-1

24th April, 2012

mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Several security issues were fixed in MySQL.

Software description

• mysql-5.1 - MySQL database
• mysql-dfsg-5.0 - MySQL database
• mysql-dfsg-5.1 - MySQL database

Details

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.62 in Ubuntu 10.04 LTS, Ubuntu 11.04 and
Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.96.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-96.html

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

mysql-server-5.1 5.1.62-0ubuntu0.11.10.1

Ubuntu 11.04:

mysql-server-5.1 5.1.62-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:

mysql-server-5.1 5.1.62-0ubuntu0.10.04.1

Ubuntu 8.04 LTS:

mysql-server-5.0 5.0.96-0ubuntu1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 965523

Ubuntu Security Notice USN-1426-1

24th April, 2012

linux-ec2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-ec2 - Linux kernel for EC2

Details

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-345-ec2 2.6.32-345.47

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097

Ubuntu Security Notice USN-1425-1

24th April, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-41-server 2.6.32-41.88

linux-image-2.6.32-41-lpia 2.6.32-41.88

linux-image-2.6.32-41-ia64 2.6.32-41.88

linux-image-2.6.32-41-generic-pae 2.6.32-41.88

linux-image-2.6.32-41-virtual 2.6.32-41.88

linux-image-2.6.32-41-386 2.6.32-41.88

linux-image-2.6.32-41-powerpc 2.6.32-41.88

linux-image-2.6.32-41-sparc64 2.6.32-41.88

linux-image-2.6.32-41-sparc64-smp 2.6.32-41.88

linux-image-2.6.32-41-powerpc-smp 2.6.32-41.88

linux-image-2.6.32-41-preempt 2.6.32-41.88

linux-image-2.6.32-41-powerpc64-smp 2.6.32-41.88

linux-image-2.6.32-41-versatile 2.6.32-41.88

linux-image-2.6.32-41-generic 2.6.32-41.88

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097

Ubuntu Security Notice USN-1400-5

20th April, 2012

gsettings-desktop-schemas regression

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Firefox's ability to use system proxy settings regressed.

Software description

• gsettings-desktop-schemas - GSettings desktop-wide schemas

Details

USN-1400-1 fixed vulnerabilities in Firefox. Firefox 11 started using
GSettings to access the system proxy settings. If there is a GSettings
proxy settings schema, Firefox will consume it. The GSettings proxy
settings schema that was shipped by default was unused by other
applications and broke Firefox's ability to use system proxy settings. This
update removes the unused schema. We apologize for the inconvenience.

Original advisory details:

Soroush Dalili discovered that Firefox did not adequately protect against
dropping JavaScript links onto a frame. A remote attacker could, through
cross-site scripting (XSS), exploit this to modify the contents or steal
confidential data. (CVE-2012-0455)

Atte Kettunen discovered a use-after-free vulnerability in Firefox's
handling of SVG animations. An attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2012-0457)

Atte Kettunen discovered an out of bounds read vulnerability in Firefox's
handling of SVG Filters. An attacker could potentially exploit this to make
data from the user's memory accessible to the page content. (CVE-2012-0456)

Mike Brooks discovered that using carriage return line feed (CRLF)
injection, one could introduce a new Content Security Policy (CSP) rule
which allows for cross-site scripting (XSS) on sites with a separate header
injection vulnerability. With cross-site scripting vulnerabilities, if a
user were tricked into viewing a specially crafted page, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain. (CVE-2012-0451)

Mariusz Mlynski discovered that the Home button accepted JavaScript links
to set the browser Home page. An attacker could use this vulnerability to
get the script URL loaded in the privileged about:sessionrestore context.
(CVE-2012-0458)

Daniel Glazman discovered that the Cascading Style Sheets (CSS)
implementation is vulnerable to crashing due to modification of a keyframe
followed by access to the cssText of the keyframe. If the user were tricked
into opening a specially crafted web page, an attacker could exploit this
to cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0459)

Matt Brubeck discovered that Firefox did not properly restrict access to
the window.fullScreen object. If the user were tricked into opening a
specially crafted web page, an attacker could potentially use this
vulnerability to spoof the user interface. (CVE-2012-0460)

Bob Clary, Christian Holler, Jesse Ruderman, Michael Bebenita, David
Anderson, Jeff Walden, Vincenzo Iozzo, and Willem Pinckaers discovered
memory safety issues affecting Firefox. If the user were tricked into
opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0461,
CVE-2012-0462, CVE-2012-0464)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

gsettings-desktop-schemas 3.0.0-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 956961

Ubuntu Security Notice USN-1424-1

19th April, 2012

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.

Software description

• openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

It was discovered that OpenSSL could be made to dereference a NULL pointer
when processing S/MIME messages. A remote attacker could use this to cause
a denial of service. These issues did not affect Ubuntu 8.04 LTS.
(CVE-2006-7250, CVE-2012-1165)

Tavis Ormandy discovered that OpenSSL did not properly perform bounds
checking when processing DER data via BIO or FILE functions. A remote
attacker could trigger this flaw in services that used SSL to cause a
denial of service or possibly execute arbitrary code with application
privileges. (CVE-2012-2110)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libssl1.0.0 1.0.0e-2ubuntu4.4

Ubuntu 11.04:

libssl0.9.8 0.9.8o-5ubuntu1.4

Ubuntu 10.04 LTS:

libssl0.9.8 0.9.8k-7ubuntu8.10

Ubuntu 8.04 LTS:

libssl0.9.8 0.9.8g-4ubuntu3.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2006-7250, CVE-2012-1165, CVE-2012-2110

Ubuntu Security Notice USN-1423-1

12th April, 2012

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Samba could be made to run programs as the administrator if it received specially crafted network traffic.

Software description

• samba - SMB/CIFS file, print, and login server for Unix

Details

Brian Gorenc discovered that Samba incorrectly calculated array bounds when
handling remote procedure calls (RPC) over the network. A remote,
unauthenticated attacker could exploit this to execute arbitrary code as the
root user. (CVE-2012-1182)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

samba 2:3.5.11~dfsg-1ubuntu2.2

Ubuntu 11.04:

samba 2:3.5.8~dfsg-1ubuntu2.4

Ubuntu 10.04 LTS:

samba 2:3.4.7~dfsg-1ubuntu3.9

Ubuntu 8.04 LTS:

samba 3.0.28a-1ubuntu4.18

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1182

Ubuntu Security Notice USN-1422-1

12th April, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

linux-image-2.6.38-14-generic 2.6.38-14.58

linux-image-2.6.38-14-powerpc-smp 2.6.38-14.58

linux-image-2.6.38-14-virtual 2.6.38-14.58

linux-image-2.6.38-14-omap 2.6.38-14.58

linux-image-2.6.38-14-server 2.6.38-14.58

linux-image-2.6.38-14-generic-pae 2.6.38-14.58

linux-image-2.6.38-14-powerpc 2.6.38-14.58

linux-image-2.6.38-14-powerpc64-smp 2.6.38-14.58

linux-image-2.6.38-14-versatile 2.6.38-14.58

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146

Ubuntu Security Notice USN-1421-1

12th April, 2012

linux-lts-backport-maverick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-maverick - Linux kernel backport from Maverick

Details

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.35-32-virtual 2.6.35-32.68~lucid1

linux-image-2.6.35-32-server 2.6.35-32.68~lucid1

linux-image-2.6.35-32-generic-pae 2.6.35-32.68~lucid1

linux-image-2.6.35-32-generic 2.6.35-32.68~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146

Ubuntu Security Notice USN-1420-1

11th April, 2012

nvidia-graphics-drivers, nvidia-graphics-drivers-173, nvidia-graphics-drivers-173-updates, nvidia-graphics-drivers-updates vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

NVIDIA graphics drivers could be made to run programs as an administrator.

Software description

• nvidia-graphics-drivers - NVIDIA binary Xorg driver
• nvidia-graphics-drivers-173 - NVIDIA binary Xorg driver
• nvidia-graphics-drivers-173-updates - NVIDIA binary Xorg driver
• nvidia-graphics-drivers-updates - NVIDIA binary Xorg driver

Details

It was discovered that the NVIDIA graphics drivers could be reconfigured to
gain access to arbitrary system memory. A local attacker could use this
issue to possibly gain root privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

nvidia-173-updates 173.14.30-0ubuntu5.1

nvidia-173 173.14.30-0ubuntu8.1

nvidia-current-updates 280.13-0ubuntu5.1

nvidia-current 280.13-0ubuntu6.1

Ubuntu 11.04:

nvidia-173 173.14.30-0ubuntu1.1

nvidia-current 270.41.06-0ubuntu1.1

Ubuntu 10.04 LTS:

nvidia-173 173.14.22-0ubuntu11.1

nvidia-current 195.36.24-0ubuntu1~10.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0946

Ubuntu Security Notice USN-1419-1

11th April, 2012

puppet vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in puppet.

Software description

• puppet - Centralized configuration management

Details

It was discovered that Puppet used a predictable filename when downloading Mac
OS X package files. A local attacker could exploit this to overwrite arbitrary
files. (CVE-2012-1906)

It was discovered that Puppet incorrectly handled filebucket retrieval
requests. A local attacker could exploit this to read arbitrary files.
(CVE-2012-1986)

It was discovered that Puppet incorrectly handled filebucket store requests. A
local attacker could exploit this to perform a denial of service via resource
exhaustion. (CVE-2012-1987)

It was discovered that Puppet incorrectly handled filebucket requests. A local
attacker could exploit this to execute arbitrary code via a crafted file path.
(CVE-2012-1988)

It was discovered that Puppet used a predictable filename for the Telnet
connection log file. A local attacker could exploit this to overwrite arbitrary
files. This issue only affected Ubuntu 11.10. (CVE-2012-1989)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

puppet-common 2.7.1-1ubuntu3.6

Ubuntu 11.04:

puppet-common 2.6.4-2ubuntu2.9

Ubuntu 10.04 LTS:

puppet-common 0.25.4-2ubuntu6.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989

Ubuntu Security Notice USN-1418-1

5th April, 2012

gnutls13, gnutls26 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

The GnuTLS library could be made to crash under certain conditions.

Software description

• gnutls13 - the GNU TLS library - commandline utilities
• gnutls26 - the GNU TLS library - commandline utilities

Details

Alban Crequy discovered that the GnuTLS library incorrectly checked array
bounds when copying TLS session data. A remote attacker could crash a client
application, leading to a denial of service, as the client application prepared
for TLS session resumption. (CVE-2011-4128)

Matthew Hall discovered that the GnuTLS library incorrectly handled TLS
records. A remote attacker could crash client and server applications, leading
to a denial of service, by sending a crafted TLS record. (CVE-2012-1573)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libgnutls26 2.10.5-1ubuntu3.1

Ubuntu 11.04:

libgnutls26 2.8.6-1ubuntu2.1

Ubuntu 10.10:

libgnutls26 2.8.6-1ubuntu0.1

Ubuntu 10.04 LTS:

libgnutls26 2.8.5-2ubuntu0.1

Ubuntu 8.04 LTS:

libgnutls13 2.0.4-1ubuntu2.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4128, CVE-2012-1573

Ubuntu Security Notice USN-1417-1

5th April, 2012

libpng vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

libpng could be made to crash or run programs as your login if it opened a specially crafted file.

Software description

• libpng - PNG (Portable Network Graphics) file library

Details

It was discovered that libpng incorrectly handled certain memory
operations. If a user or automated system using libpng were tricked into
opening a specially crafted image, an attacker could exploit this to cause
a denial of service or execute code with the privileges of the user
invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libpng12-0 1.2.46-3ubuntu1.3

Ubuntu 11.04:

libpng12-0 1.2.44-1ubuntu3.4

Ubuntu 10.10:

libpng12-0 1.2.44-1ubuntu0.4

Ubuntu 10.04 LTS:

libpng12-0 1.2.42-1ubuntu2.5

Ubuntu 8.04 LTS:

libpng12-0 1.2.15~beta5-3ubuntu0.7

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2011-3048

Ubuntu Security Notice USN-1416-1

4th April, 2012

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file.

Software description

• tiff - Tag Image File Format (TIFF) library

Details

Alexander Gavrun discovered that the TIFF library incorrectly allocated
space for a tile. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. (CVE-2012-1173)

It was discovered that the tiffdump utility incorrectly handled directory
data structures with many directory entries. If a user or automated system
were tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service, or possibly
execute arbitrary code with user privileges. This issue only applied to
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
(CVE-2010-4665)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libtiff4 3.9.5-1ubuntu1.1

Ubuntu 11.04:

libtiff4 3.9.4-5ubuntu6.1

Ubuntu 10.10:

libtiff4 3.9.4-2ubuntu0.5

Ubuntu 10.04 LTS:

libtiff4 3.9.2-2ubuntu0.8

Ubuntu 8.04 LTS:

libtiff4 3.8.2-7ubuntu3.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2010-4665, CVE-2012-1173

Ubuntu Security Notice USN-1400-4

3rd April, 2012

thunderbird regressions

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

USN-1400-3 introduced regressions in Thunderbird.

Software description

• thunderbird - Mozilla Open Source mail and newsgroup client

Details

USN-1400-3 fixed vulnerabilities in Thunderbird. The new Thunderbird
version caused a regression in IMAP connections and mail filtering. This
update fixes the problem.

Original advisory details:

Soroush Dalili discovered that Firefox did not adequately protect against
dropping JavaScript links onto a frame. A remote attacker could, through
cross-site scripting (XSS), exploit this to modify the contents or steal
confidential data. (CVE-2012-0455)

Atte Kettunen discovered a use-after-free vulnerability in Firefox's
handling of SVG animations. An attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2012-0457)

Atte Kettunen discovered an out of bounds read vulnerability in Firefox's
handling of SVG Filters. An attacker could potentially exploit this to make
data from the user's memory accessible to the page content. (CVE-2012-0456)

Mike Brooks discovered that using carriage return line feed (CRLF)
injection, one could introduce a new Content Security Policy (CSP) rule
which allows for cross-site scripting (XSS) on sites with a separate header
injection vulnerability. With cross-site scripting vulnerabilities, if a
user were tricked into viewing a specially crafted page, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain. (CVE-2012-0451)

Mariusz Mlynski discovered that the Home button accepted JavaScript links
to set the browser Home page. An attacker could use this vulnerability to
get the script URL loaded in the privileged about:sessionrestore context.
(CVE-2012-0458)

Daniel Glazman discovered that the Cascading Style Sheets (CSS)
implementation is vulnerable to crashing due to modification of a keyframe
followed by access to the cssText of the keyframe. If the user were tricked
into opening a specially crafted web page, an attacker could exploit this
to cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0459)

Matt Brubeck discovered that Firefox did not properly restrict access to
the window.fullScreen object. If the user were tricked into opening a
specially crafted web page, an attacker could potentially use this
vulnerability to spoof the user interface. (CVE-2012-0460)

Bob Clary, Christian Holler, Jesse Ruderman, Michael Bebenita, David
Anderson, Jeff Walden, Vincenzo Iozzo, and Willem Pinckaers discovered
memory safety issues affecting Firefox. If the user were tricked into
opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0461,
CVE-2012-0462, CVE-2012-0464)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

thunderbird 11.0.1+build1-0ubuntu0.11.10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

LP: 962631, http://www.ubuntu.com/usn/usn-1400-3/

Ubuntu Security Notice USN-1414-1

2nd April, 2012

aptdaemon vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04

Summary

An attacker could trick Aptdaemon into installing altered packages.

Software description

• aptdaemon - transaction based package management service

Details

It was discovered that Aptdaemon incorrectly handled installing packages
without performing a transaction simulation. An attacker could possibly use
this flaw to install altered packages.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

python-aptdaemon 0.43+bzr697-0ubuntu1.2

Ubuntu 11.04:

python-aptdaemon 0.41+bzr661-0ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0944

Ubuntu Security Notice USN-1197-8

29th March, 2012

ca-certificates-java regression

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

USN-1197-7 introduced a regression in ca-certificates-java.

Software description

• ca-certificates-java - Common CA certificates (JKS keystore)

Details

USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package
broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Dutch Certificate Authority DigiNotar had
mis-issued multiple fraudulent certificates. These certificates could allow
an attacker to perform a "man in the middle" (MITM) attack which would make
the user believe their connection is secure, but is actually being
monitored.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

ca-certificates-java 20110912ubuntu3.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 967961

Ubuntu Security Notice USN-1413-1

29th March, 2012

nova vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

Nova log files could be made to exhaust storage resources.

Software description

• nova - OpenStack Compute cloud infrastructure

Details

Dan Prince discovered that Nova did not properly perform input validation on
the length of server names. An authenticated attacker could issue requests
using long server names to exhaust the storage resources containing the Nova
API log file.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

python-nova 2011.3-0ubuntu6.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1585

Ubuntu Security Notice USN-1412-1

29th March, 2012

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan)
and be2net drivers. An attacker on the local network could exploit this
flaw to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

linux-image-3.0.0-17-powerpc-smp 3.0.0-17.30

linux-image-3.0.0-17-generic 3.0.0-17.30

linux-image-3.0.0-17-virtual 3.0.0-17.30

linux-image-3.0.0-17-generic-pae 3.0.0-17.30

linux-image-3.0.0-17-omap 3.0.0-17.30

linux-image-3.0.0-17-powerpc64-smp 3.0.0-17.30

linux-image-3.0.0-17-server 3.0.0-17.30

linux-image-3.0.0-17-powerpc 3.0.0-17.30

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-3347

Ubuntu Security Notice USN-1197-7

27th March, 2012

ca-certificates-java vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

A certificate authority mis-issued fraudulent certificates.

Software description

• ca-certificates-java - Common CA certificates (JKS keystore)

Details

USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch
Certificate Authority DigiNotar mis-issuing fraudulent certificates.
This update provides the corresponding update for ca-certificates-java.

Original advisory details:

It was discovered that Dutch Certificate Authority DigiNotar had
mis-issued multiple fraudulent certificates. These certificates could allow
an attacker to perform a "man in the middle" (MITM) attack which would make
the user believe their connection is secure, but is actually being
monitored.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

ca-certificates-java 20110912ubuntu3.1

Ubuntu 11.04:

ca-certificates-java 20100412ubuntu0.11.04.1

Ubuntu 10.10:

ca-certificates-java 20100412ubuntu0.10.10.1

Ubuntu 10.04 LTS:

ca-certificates-java 20100406ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any application using
ca-certificates-java to make all the necessary changes.

References

LP: 920758

Ubuntu Security Notice USN-1409-1

27th March, 2012

linux-lts-backport-oneiric vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-oneiric - Linux kernel backport from Oneiric

Details

Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan)
and be2net drivers. An attacker on the local network could exploit this
flaw to cause a denial of service. (CVE-2011-3347)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-3.0.0-17-server 3.0.0-17.30~lucid1

linux-image-3.0.0-17-generic 3.0.0-17.30~lucid1

linux-image-3.0.0-17-virtual 3.0.0-17.30~lucid1

linux-image-3.0.0-17-generic-pae 3.0.0-17.30~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-3347

Ubuntu Security Notice USN-1406-1

27th March, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

This USN was released in error and has been removed.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

linux-image-2.6.38-13-powerpc 2.6.38-13.57

linux-image-2.6.38-13-powerpc64-smp 2.6.38-13.57

linux-image-2.6.38-13-generic-pae 2.6.38-13.57

linux-image-2.6.38-13-versatile 2.6.38-13.57

linux-image-2.6.38-13-generic 2.6.38-13.57

linux-image-2.6.38-13-virtual 2.6.38-13.57

linux-image-2.6.38-13-server 2.6.38-13.57

linux-image-2.6.38-13-omap 2.6.38-13.57

linux-image-2.6.38-13-powerpc-smp 2.6.38-13.57

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.