All articles tagged with Ubuntu

June 26, 2011 13:02 Ubuntu: New APR packages fix security vulnerabilities

Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. Updated packages are available from security.ubuntu.com.

June 26, 2011 13:00 Ubuntu: New Linux packages fix security vulnerabilities

Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this to crash the system or gain root privileges. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy.

Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. Updated packages are available from security.ubuntu.com.

May 19, 2011 20:34 Ubuntu: New apturl packages fix security vulnerabilities

It was discovered that apturl incorrectly handled certain long URLs. If a user were tricked into opening a very long URL, an attacker could cause their desktop session to crash, leading to a denial of service. Updated packages are available from security.ubuntu.com.

May 19, 2011 20:26 Ubuntu: New Postfix packages fix security vulnerabilities

Thomas Jarosch discovered that Postfix incorrectly handled authentication mechanisms other than PLAIN and LOGIN when the Cyrus SASL library is used. A remote attacker could use this to cause Postfix to crash, leading to a denial of service, or possibly execute arbitrary code as the postfix user. Updated packages are available from security.ubuntu.com.

May 19, 2011 20:23 Ubuntu: New Exim packages fix security vulnerabilities

It was discovered that the Exim daemon did not correctly handle format strings in DKIM headers. An unauthenticated remote attacker could send specially crafted email to run arbitrary code as the Exim user. The default compiler options for affected releases reduce the vulnerability to a denial of service under most conditions. Updated packages are available from security.ubuntu.com.

May 19, 2011 14:37 Ubuntu: New Linux packages fix security vulnerabilities

Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If a system was using X.25, a remote attacker could exploit this to crash the system, leading to a denial of service. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. A local attacker could exploit this to allocate all available kernel memory, leading to a denial of service. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. If a local attacker were able to trigger certain kinds of kernel bugs, they could create a specially crafted process to gain root privileges.

Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this to crash the system or gain root privileges. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy.

Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges.

Updated packages are available from security.ubuntu.com.

May 19, 2011 14:28 Ubuntu: New Thunderbird packages fix security vulnerabili...

It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. Ian Beer discovered a vulnerability in the memory handling of certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird.

Several memory vulnerabilities were discovered. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird.

Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. It was discovered that there were use-after-free vulnerabilities in Thunderbird’s mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. It was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird.

Paul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. Soroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. Chris Evans discovered a vulnerability in Thunderbird’s XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.

Updated packages are available from security.ubuntu.com.

May 04, 2011 10:08 Ubuntu: New Perl packages fix security vulnerabilities

It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. It was discovered that the CGI.pm Perl module incorrectly handled newline characters. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input. An attacker could use this flaw to bypass intended restrictions. Updated packages are available from security.ubuntu.com.

May 04, 2011 10:04 Ubuntu: New Vino packages fix security vulnerabilities

Kevin Chen discovered that Vino incorrectly handled certain client framebuffer requests. A remote attacker could use this flaw to cause Vino to crash, leading to a denial of service. Updated packages are available from security.ubuntu.com.

May 04, 2011 09:55 Ubuntu: New usb-creator packages fix security vulnerabili...

Evan Broder discovered that usb-creator did not properly enforce restrictions when performing privileged disk operations. A local attacker could use this flaw to perform certain disk operations, such as unmounting arbitrary mountpoints. Updated packages are available from security.ubuntu.com.

May 04, 2011 09:19 Ubuntu: New Firefox packages fix security vulnerabilities

It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Ian Beer discovered a vulnerability in the memory handling of certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox.

Several memory vulnerabilities were discovered. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox.

Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. It was discovered that there were use-after-free vulnerabilities in Firefox’s mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. It was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker serving malicious content could exploit this to possibly run arbitrary code as the user running Firefox.

Paul Stone discovered a vulnerability in the handling of Java applets. An attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. Soroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Firefox. Chris Evans discovered a vulnerability in Firefox’s XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.

Updated packages are available from security.ubuntu.com.

May 04, 2011 09:11 Ubuntu: New PHP packages fix security vulnerabilities

Stephane Chazelas discovered that the cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack. Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack. Ben Schmidt discovered that a use-after-free vulnerability in the PHP Zend engine could allow an attacker to cause a denial of service (heap memory corruption) or possibly execute arbitrary code.

Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. Maksymilian Arciemowicz discovered that the grapheme_extract function in the PHP Internationalization extension for ICU allows an attacker to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

Maksymilian Arciemowicz discovered that the _zip_name_locate function in the PHP Zip extension does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow an attacker to cause a denial of service. Luca Carettoni discovered that the PHP Exif extension performs an incorrect cast on 64-bit platforms, which allows a remote attacker to cause a denial of service. Jose Carlos Norte discovered that an integer overflow in the PHP shmop extension could allow an attacker to cause a denial of service (crash) and possibly read sensitive memory function.

Felipe Pena discovered that a use-after-free vulnerability in the substr_replace function allows an attacker to cause a denial of service (memory corruption) or possibly execute arbitrary code. Felipe Pena discovered multiple format string vulnerabilities in the PHP phar extension. These could allow an attacker to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code. It was discovered that a buffer overflow occurs in the strval function when the precision configuration option has a large value.

It was discovered that an integer overflow in the SdnToJulian function in the PHP Calendar extension could allow an attacker to cause a denial of service (application crash). Tomas Hoger discovered that an integer overflow in the NumberFormatter::setSymbol function in the PHP Intl extension could allow an attacker to cause a denial of service (application crash). It was discovered that multiple memory leaks in the PHP OpenSSL extension might allow a remote attacker to cause a denial of service (memory consumption). Daniel Buschke discovered that the PHP Streams component in PHP handled types improperly, possibly allowing an attacker to cause a denial of service (application crash).

It was discovered that the PHP Zip extension could allow an attacker to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. It was discovered that an integer signedness error in the PHP Zip extension could allow an attacker to cause a denial of service (CPU consumption) via a malformed archive file. Updated packages are available from security.ubuntu.com.

May 04, 2011 08:55 Ubuntu: New PCSC-Lite packages fix security vulnerabilities

Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart cards with malformed ATR messages. An attacker having physical access could exploit this with a special smart card and cause a denial of service or execute arbitrary code. Updated packages are available from security.ubuntu.com.

May 04, 2011 08:54 Ubuntu: New rsync packages fix security vulnerabilities

It was discovered that rsync incorrectly handled memory when certain recursion, deletion and ownership options were used. If a user were tricked into connecting to a malicious server, a remote attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

April 27, 2011 04:40 Ubuntu: New TIFF packages fix security vulnerabilities

It was discovered that the TIFF library incorrectly handled certain JPEG data. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Updated packages are available from security.ubuntu.com.

April 27, 2011 04:35 Ubuntu: New OpenSLP packages fix security vulnerabilities

It was discovered that OpenSLP incorrectly handled certain corrupted messages. A remote attacker could send a specially crafted packet to the OpenSLP server and cause it to hang, leading to a denial of service. Updated packages are available from security.ubuntu.com.

April 20, 2011 08:32 Ubuntu: New Policy Kit packages fix security vulnerabilities

Neel Mehta discovered that PolicyKit did not correctly verify the user making authorization requests. A local attacker could exploit this to trick pkexec into running applications with root privileges. Updated packages are available from security.ubuntu.com.

April 20, 2011 08:30 Ubuntu: New Kerberos packages fix security vulnerabilities

Felipe Ortega discovered that kadmind did not correctly handle password changing error conditions. An unauthenticated remote attacker could exploit this to crash kadmind, leading to a denial of service. Updated packages are available from security.ubuntu.com.

April 20, 2011 08:27 Ubuntu: New language-selector packages fix security vulne...

Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Updated packages are available from security.ubuntu.com.

April 20, 2011 08:23 Ubuntu: New KDE Network packages fix security vulnerabili...

It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution. Updated packages are available from security.ubuntu.com.

April 20, 2011 08:22 Ubuntu: New Postfix packages fix security vulnerabilities

It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords. Updated packages are available from security.ubuntu.com.

April 20, 2011 08:03 Ubuntu: New KDE-Libs packages fix security vulnerabilities

It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. Tim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Updated packages are available from security.ubuntu.com.

April 20, 2011 08:01 Ubuntu: New GIMP packages fix security vulnerabilities

It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges. It was discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges. Updated packages are available from security.ubuntu.com.

April 13, 2011 10:16 Ubuntu: New DHCP packages fix security vulnerabilities

Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation. Updated packages are available from security.ubuntu.com.

April 13, 2011 10:10 Ubuntu: New x11-xserver-utils packages fix security vulne...

Sebastian Krahmer discovered that the xrdb utility incorrectly filtered crafted hostnames. An attacker could use this flaw with a malicious DHCP server or with a remote xdmcp login and execute arbitrary code, resulting in root privilege escalation. Updated packages are available from security.ubuntu.com.

April 06, 2011 17:41 Ubuntu: New nss packages fix security vulnerabilities

It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse. Updated packages are available from security.ubuntu.com.

April 06, 2011 17:35 Ubuntu: New FFmpeg packages fix security vulnerabilities

Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. If a user were tricked into opening a crafted flic file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed wmv files. If a user were tricked into opening a crafted wmv file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

It was discovered that FFmpeg incorrectly handled certain malformed WebM files. If a user were tricked into opening a crafted WebM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed RealMedia files. If a user were tricked into opening a crafted RealMedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed VC1 files. If a user were tricked into opening a crafted VC1 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

April 06, 2011 17:35 Ubuntu: New Linux packages fix security vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service.

Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If a system was using X.25, a remote attacker could exploit this to crash the system, leading to a denial of service. Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. A local attacker could exploit this flaw to gain root privileges.

Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. If a local attacker were able to trigger certain kinds of kernel bugs, they could create a specially crafted process to gain root privileges. Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks.

Updated packages are available from security.ubuntu.com.

April 06, 2011 17:30 Ubuntu: New tiff packages fix security vulnerabilities

Martin Barbella discovered that the thunder (aka ThunderScan) decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Updated packages are available from security.ubuntu.com.

April 06, 2011 17:26 Ubuntu: New tex-common packages fix security vulnerabilities

Mathias Svensson discovered that the tex-common package contains an insecure shell_escape_commands configuration item. If a user or automated system were tricked into opening a specially crafted TeX file, a remote attacker could execute arbitrary code with user privileges. Updated packages are available from security.ubuntu.com.
