All articles tagged with Ubuntu

May 25, 2012 06:48 Ubuntu: New Samba packages fix security vulnerabilities

Ivano Cristofolini discovered that Samba incorrectly handled some Local Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated attacker could exploit this to grant administrative privileges to arbitrary users. The administrative privileges could be used to bypass permission checks performed by the Samba server.

Updated packages are available from security.ubuntu.com.

May 25, 2012 06:48 Ubuntu: New ImageMagick packages fix security vulnerabili...

Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service.

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. It was discovered that ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

May 25, 2012 06:45 Ubuntu: New Linux Kernel packages fix security vulnerabil...

A flaw was found in the Linux kernel’s ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl. A local user could use this flaw to crash the system, causing a denial of service. Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem. A local unprivileged user can use this flaw to crash VMs, causing a denial of service.

A flaw was discovered in the cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. H. Peter Anvin reported a flaw that could crash the system. A local user could exploit this flaw to crash the system. A flaw was discovered in the cgroups subset. A local attacker could use this flaw to crash the system.

A flaw was found in the handling of paged memory. A local unprivileged user, or a privileged user within a KVM guest, could exploit this flaw to crash the system.

Updated packages are available from security.ubuntu.com.

May 23, 2012 07:08 Ubuntu: New Firefox packages fix security vulnerabilities

Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered that invalid frees cause heap corruption in gfxImageSurface. If a user were tricked into opening a malicious Scalable Vector Graphics (SVG) image file, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Anne van Kesteren discovered a potential cross-site scripting (XSS) vulnerability via multibyte content processing errors. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Matias Juntunen discovered a vulnerability in Firefox’s WebGL implementation that potentially allows the reading of illegal video memory. An attacker could possibly exploit this to cause a denial of service via application crash. Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox allowed the address bar to display a different website than the one the user was visiting. This could potentially leave the user vulnerable to cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Simone Fabiano discovered that Firefox did not always send correct origin headers when connecting to IPv6 websites. An attacker could potentially use this to bypass intended access controls. Masato Kinugawa discovered that cross-site scripting (XSS) injection is possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. It was discovered that certain images rendered using WebGL could cause Firefox to crash. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Daniel Divricean discovered that a defect in the error handling of JavaScript errors can potentially leak the file names and location of JavaScript files on a server. This could potentially lead to inadvertent information disclosure and a vector for further attacks. Jeroen van der Gun discovered a vulnerability in the way Firefox handled RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused the location bar to be updated with the address of this content, while the main window still displayed the previously loaded content. An attacker could potentially exploit this vulnerability to conduct phishing attacks.

Updated packages are available from security.ubuntu.com.

May 21, 2012 07:53 Ubuntu: New Jetty packages fix security vulnerabilities

It was discovered that Jetty computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. Updated packages are available from security.ubuntu.com.

May 15, 2012 09:16 Ubuntu: New MySQL packages fix security vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. Updated packages are available from security.ubuntu.com.

May 15, 2012 09:14 Ubuntu: New Linux packages fix security vulnerabilities

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl. A local user could use this flaw to crash the system, causing a denial of service. Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. A flaw was discovered in the cifs file system. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service.

H. Peter Anvin reported a flaw that could crash the system. A local user could exploit this flaw to crash the system.

Updated packages are available from security.ubuntu.com.

May 13, 2012 18:54 Ubuntu: New openssl packages fix security vulnerabilities

It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges.

Updated packages are available from security.ubuntu.com.

May 09, 2012 06:46 Ubuntu: New Samba packages fix security vulnerabilities

Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. Updated packages are available from security.ubuntu.com.

May 09, 2012 06:03 Ubuntu: New Linux packages fix security vulnerabilities

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.

A flaw was discovered in the Linux kernel’s cgroups subset. A local attacker could use this flaw to crash the system.

Updated packages are available from security.ubuntu.com.

May 07, 2012 06:39 Ubuntu: New NVIDIA graphics drivers fix security vulnerab...

It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to possibly gain root privileges. Updated packages are available from security.ubuntu.com.

May 07, 2012 06:38 Ubuntu: New Puppet packages fix security vulnerabilities

It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. It was discovered that Puppet incorrectly handled filebucket store requests. A local attacker could exploit this to perform a denial of service via resource exhaustion.

It was discovered that Puppet incorrectly handled filebucket requests. A local attacker could exploit this to execute arbitrary code via a crafted file path. It was discovered that Puppet used a predictable filename for the Telnet connection log file. A local attacker could exploit this to overwrite arbitrary files.

Updated packages are available from security.ubuntu.com.

May 02, 2012 17:10 Ubuntu: New GnuTLS packages fix security vulnerabilities

Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record.

Updated packages are available from security.ubuntu.com.

May 02, 2012 17:09 Ubuntu: New libpng packages fix security vulnerabilities

It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

Updated packages are available from security.ubuntu.com.

May 02, 2012 17:08 Ubuntu: New tiff packages fix security vulnerabilities

Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Updated packages are available from security.ubuntu.com.

April 30, 2012 07:20 Ubuntu: New Nova packages fix security vulnerabilities

Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file. Updated packages are available from security.ubuntu.com.

April 27, 2012 08:37 Ubuntu: New Linux packages fix security vulnerabilities

Somnath Kotur discovered an error in the Linux kernel’s VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Updated packages are available from security.ubuntu.com.

April 23, 2012 06:14 Ubuntu: New Linux packages fix security vulnerabilities

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.

A flaw was discovered in the Linux kernel’s cgroups subset. A local attacker could use this flaw to crash the system.

Updated packages are available from security.ubuntu.com.

April 23, 2012 06:13 Ubuntu: New Linux packages fix security vulnerabilities

Somnath Kotur discovered an error in the Linux kernel’s VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Paolo Bonzini discovered a flaw in Linux’s handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service.

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. A flaw was discovered in the Linux kernel’s cifs file system. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service. H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.

A flaw was discovered in the Linux kernel’s cgroups subset. A local attacker could use this flaw to crash the system.

Updated packages are available from security.ubuntu.com.

April 23, 2012 06:12 Ubuntu: New Linux packages fix security vulnerabilities

Louis Rilling discovered a flaw in the Linux kernel’s clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service. Updated packages are available from security.ubuntu.com.

April 23, 2012 06:11 Ubuntu: New Linux packages fix security vulnerabilities

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.

A flaw was discovered in the Linux kernel’s cgroups subset. A local attacker could use this flaw to crash the system.

Updated packages are available from security.ubuntu.com.

April 20, 2012 09:34 Ubuntu: New freetype packages fix security vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. Updated packages are available from security.ubuntu.com.

April 18, 2012 08:43 Ubuntu: New libpng packages fix security vulnerabilities

It was discovered that libpng did not properly process compressed chunks. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

April 16, 2012 06:06 Ubuntu: New Xulrunner packages fix security vulnerabilities

It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine’s handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine’s handling of SVG Filters. An attacker could potentially exploit this to make data from the user’s memory accessible to the page content.

Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Updated packages are available from security.ubuntu.com.

April 16, 2012 06:05 Ubuntu: New Firefox packages fix security vulnerabilities

Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox’s handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox’s handling of SVG Filters. An attacker could potentially exploit this to make data from the user’s memory accessible to the page content.

Mike Brooks discovered that using carriage return line feed (CRLF) injection, one could introduce a new Content Security Policy (CSP) rule which allows for cross-site scripting (XSS) on sites with a separate header injection vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Daniel Glazman discovered that the Cascading Style Sheets (CSS) implementation is vulnerable to crashing due to modification of a keyframe followed by access to the cssText of the keyframe. If the user were tricked into opening a specially crafted web page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Matt Brubeck discovered that Firefox did not properly restrict access to the window.fullScreen object. If the user were tricked into opening a specially crafted web page, an attacker could potentially use this vulnerability to spoof the user interface. Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Updated packages are available from security.ubuntu.com.

April 12, 2012 08:23 Ubuntu: New Firefox packages fix security vulnerabilities

Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox’s handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox’s handling of SVG Filters. An attacker could potentially exploit this to make data from the user’s memory accessible to the page content.

Mike Brooks discovered that using carriage return line feed (CRLF) injection, one could introduce a new Content Security Policy (CSP) rule which allows for cross-site scripting (XSS) on sites with a separate header injection vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Daniel Glazman discovered that the Cascading Style Sheets (CSS) implementation is vulnerable to crashing due to modification of a keyframe followed by access to the cssText of the keyframe. If the user were tricked into opening a specially crafted web page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Matt Brubeck discovered that Firefox did not properly restrict access to the window.fullScreen object. If the user were tricked into opening a specially crafted web page, an attacker could potentially use this vulnerability to spoof the user interface. Security researchers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

Updated packages are available from security.ubuntu.com.

April 12, 2012 08:02 Ubuntu: New gdm-guest-session packages fix security vulne...

Ryan Lortie discovered that gdm-guest-session improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files. Updated packages are available from security.ubuntu.com.

April 10, 2012 09:30 Ubuntu: New LTSP Display Manager packages fix security vu...

Tenho Tuhkala discovered that the LTSP Display Manager (ldm) incorrectly filtered keybindings. An attacker could use the default keybindings to execute arbitrary commands as root at the login screen. Updated packages are available from security.ubuntu.com.

April 10, 2012 09:28 Ubuntu: New MySQL packages fix security vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. Updated packages are available from security.ubuntu.com.

April 08, 2012 15:52 Ubuntu: New Linux packages fix security vulnerabilities

It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. It was discovered that the GNU C Library did not properly handle passwd.adjunct.byname map entries in the Network Information Service (NIS) code in the name service caching daemon (nscd). An attacker could use this to obtain the encrypted passwords of NIS accounts. Chris Evans reported that the GNU C Library did not properly calculate the amount of memory to allocate in the fnmatch() code. An attacker could use this to cause a denial of service or possibly execute arbitrary code via a maliciously crafted UTF-8 string.

Tomas Hoger reported that an additional integer overflow was possible in the fnmatch() code. An attacker could use this to cause a denial of service via a maliciously crafted UTF-8 string. Dan Rosenberg discovered that the addmntent() function did not report an error status for failed attempts to write to the /etc/mtab file. This could allow an attacker to corrupt /etc/mtab, possibly causing a denial of service or otherwise manipulate mount options. Harald van Dijk discovered that the locale program did not properly quote its output. This could allow a local attacker to possibly execute arbitrary code using a crafted localization string that was evaluated in a shell script.

It was discovered that the GNU C library loader expanded the $ORIGIN dynamic string token when RPATH is composed entirely of this token. This could allow an attacker to gain privilege via a setuid program that had this RPATH value. It was discovered that the implementation of memcpy optimized for Supplemental Streaming SIMD Extensions 3 (SSSE3) contained a possible integer overflow. An attacker could use this to cause a denial of service or possibly execute arbitrary code. John Zimmerman discovered that the Remote Procedure Call (RPC) implementation did not properly handle large numbers of connections. This could allow a remote attacker to cause a denial of service.

It was discovered that the vfprintf() implementation contained a possible integer overflow in the format string protection code offered by FORTIFY_SOURCE. An attacker could use this flaw in conjunction with a format string vulnerability to bypass the format string protection and possibly execute arbitrary code.

Updated packages are available from security.ubuntu.com.
