Articles / Ubuntu

All articles tagged with Ubuntu

December 17, 2011 15:28 Ubuntu: New Kerberos packages fix security vulnerabilities

0

Simo Sorce discovered that a NULL pointer dereference existed in the Kerberos Key Distribution Center (KDC). An authenticated remote attacker could use this to cause a denial of service. Updated packages are available from security.ubuntu.com.

December 15, 2011 10:18 Ubuntu: New colord packages fix security vulnerabilities

0

It was discovered that colord incorrectly handled certain SQL queries. A local attacker could exploit this to modify arbitrary sqlite databases. On Ubuntu, colord runs as its own user by default, so standard file permissions would limit which databases could be altered. Updated packages are available from security.ubuntu.com.

December 15, 2011 10:17 Ubuntu: New vsftpd packages fix security vulnerabilities

0

It was discovered that the 2.6.35 and earlier Linux kernel does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) in applications that require a separate namespace per connection, like vsftpd. This update adjusts vsftpd to only use network namespaces on kernels that are known to be not affected. Updated packages are available from security.ubuntu.com.

December 03, 2011 13:51 Ubuntu: New Linux packages fix security vulnerabilities

0

Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges.

Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. A bug was discovered in the XFS filesystem’s handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.

A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges.

Updated packages are available from security.ubuntu.com.

December 01, 2011 13:25 Ubuntu: New Linux packages fix security vulnerabilities

0

Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.

Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Updated packages are available from security.ubuntu.com.

December 01, 2011 13:22 Ubuntu: New APT packages fix security vulnerabilities

0

It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. Updated packages are available from security.ubuntu.com.

November 29, 2011 14:49 Ubuntu: New Thunderbird packages fix security vulnerabili...

0

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. Researchers discovered multiple memory safety bugs in the browser engine used in Thunderbird and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Thunderbird or possibly crash Thunderbird resulting in a denial of service.

It was discovered that Thunderbird could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Thunderbird. Aki Helin discovered that Thunderbird does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Thunderbird, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Thunderbird. It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Thunderbird 5. An attacker could possibly use this to gain elevated privileges within Thunderbird for web content.

Updated packages are available from security.ubuntu.com.

November 29, 2011 14:47 Ubuntu: New Linux packages fix security vulnerabilities

0

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service.

Researchers discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. It was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox.

It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content.

Updated packages are available from security.ubuntu.com.

November 27, 2011 13:09 Ubuntu: New KDE utils packages fix security vulnerabilities

0

Tim Brown discovered that Ark did not properly perform input validation when previewing archive files. If a user were tricked into opening a crafted archive file, an attacker could remove files via directory traversal. Updated packages are available from security.ubuntu.com.

November 27, 2011 13:08 Ubuntu: New Linux packages fix security vulnerabilities

0

Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Updated packages are available from security.ubuntu.com.

November 27, 2011 13:07 Ubuntu: New Pidgin packages fix security vulnerabilities

0

Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG messages in the Yahoo! protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100 responses in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service.

Updated packages are available from security.ubuntu.com.

November 27, 2011 13:06 Ubuntu: New Linux packages fix security vulnerabilities

0

It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service.

Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges.

Updated packages are available from security.ubuntu.com.

November 25, 2011 10:43 Ubuntu: New Linux packages fix security vulnerabilities

0

It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service.

Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.

Yasuaki Ishimatsu discovered a flaw in the kernel’s clock implementation. A local unprivileged attacker could exploit this causing a denial of service.

Updated packages are available from security.ubuntu.com.

November 24, 2011 11:02 Ubuntu: New Freetype packages fix security vulnerabilities

0

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. It was discovered that FreeType did not correctly handle certain malformed CID-keyed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.

November 24, 2011 11:00 Ubuntu: New OpenLDAP packages fix security vulnerabilities

0

It was discovered that slapd contained an off-by-one error. An authenticated attacker could potentially exploit this by sending a crafted crafted LDIF entry containing an empty postalAddress. Updated packages are available from security.ubuntu.com.

November 24, 2011 10:59 Ubuntu: New cupshelpers packages fix security vulnerabili...

0

Marc Deslauriers discovered that system-config-printer’s cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories. Updated packages are available from security.ubuntu.com.

November 21, 2011 10:08 Ubuntu: New bind packages fix security vulnerabilities

0

It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

November 21, 2011 10:03 Ubuntu: New OpenJDK packages fix security vulnerabilities

0

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input.

It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code.

It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information.

It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information.

It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections.

Updated packages are available from security.ubuntu.com.

November 19, 2011 08:08 Ubuntu: New Light Display Manager packages fix security v...

0

It was discovered that Light Display Manager incorrectly handled privileges when reading .dmrc files. A local attacker could exploit this issue to read arbitrary configuration files, bypassing intended permissions. It was discovered that Light Display Manager incorrectly handled links when adjusting permissions on .Xauthority files. A local attacker could exploit this issue to access arbitrary files, and possibly obtain increased privileges. In the default Ubuntu installation, this would be prevented by the Yama link restrictions. Updated packages are available from security.ubuntu.com.

November 19, 2011 08:05 Ubuntu: New Linux packages fix security vulnerabilities

0

Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.

Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could use this flaw to cause Quagga to crash, or possibly execute arbitrary code. Updated packages are available from security.ubuntu.com.

November 17, 2011 06:24 Ubuntu: New Apache packages fix security vulnerabilities

0

It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Samuel Montosa discovered that the ITK Multi-Processing Module for Apache did not properly handle certain configuration sections that specify NiceValue but not AssignUserID, preventing Apache from dropping privileges correctly.

Updated packages are available from security.ubuntu.com.

November 17, 2011 06:23 Ubuntu: New Firefox packages fix security vulnerabilities

0

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs which would potentially allow an attacker to remotely crash the browser. Updated packages are available from security.ubuntu.com.

November 17, 2011 06:22 Ubuntu: New ClamAV packages fix security vulnerabilities

0

Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

November 17, 2011 06:21 Ubuntu: New radvd packages fix security vulnerabilities

0

Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. A remote attacker could exploit this with a specially-crafted request and cause the radvd daemon to crash, or possibly execute arbitrary code. Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. A local attacker could exploit this to overwrite certain files on the system, bypassing intended permissions. Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. A remote attacker could exploit this to cause the radvd daemon to crash, resulting in a denial of service.

Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. If used in unicast mode, a remote attacker could cause radvd outages, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

November 15, 2011 07:19 Ubuntu: New libmodplug packages fix security vulnerabilities

0

Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

November 11, 2011 18:41 Ubuntu: New Linux packages fix security vulnerabilities

0

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service.

Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.

Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user.

Updated packages are available from security.ubuntu.com.

November 11, 2011 18:39 Ubuntu: New Tomcat packages fix security vulnerabilities

0

It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX user creation. A local attacker could possibly use this flaw to obtain sensitive information. It was discovered that Tomcat incorrectly validated certain request attributes when sendfile is enabled. A local attacker could bypass intended restrictions, or cause the JVM to crash, resulting in a denial of service. It was discovered that Tomcat incorrectly handled certain AJP requests. A remote attacker could use this flaw to spoof requests, bypass authentication, and obtain sensitive information. Updated packages are available from security.ubuntu.com.

November 03, 2011 08:03 Ubuntu: New Empathy packages fix security vulnerabilities

0

It was discovered that a cross-site scripting (XSS) vulnerability in the Adium theme allows remote attackers to inject arbitrary javascript or HTML via a crafted nickname in XMPP group conversations. Updated packages are available from security.ubuntu.com.

November 01, 2011 06:14 Ubuntu: New BackupPC packages fix security vulnerabilities

0

It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Jamie Strandboge discovered that BackupPC did not properly sanitize its input when processing log file viewer error messages, resulting in cross-site scripting (XSS) vulnerabilities. Updated packages are available from security.ubuntu.com.

October 30, 2011 09:06 Ubuntu: New KDE Libs packages fix security vulnerabilities

0

Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL. Updated packages are available from security.ubuntu.com.

Screenshot

Project Spotlight

JFreeSVG

A fast, lightweight SVG generator for Java.

Screenshot

Project Spotlight

PHP MIME Mail decoder class

A PHP class to decode email messages.