Ubuntu Security Notices http://www.ubuntu.com/usn en USN-773-1: Pango vulnerability http://www.ubuntu.com/usn/USN-773-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-1194 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-773-1 May 07, 2009 pango1.0 vulnerability CVE-2009-1194 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpango1.0-0 1.12.3-0ubuntu3.1 Ubuntu 8.04 LTS: libpango1.0-0 1.20.5-0ubuntu1.1 Ubuntu 8.10: libpango1.0-0 1.22.2-0ubuntu1.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. 
If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.</div> </div> </div> </div> usn Thu, 07 May 2009 18:31:30 +0000 MarcDeslauriers 1901 at http://www.ubuntu.com USN-772-1: MPFR vulnerability http://www.ubuntu.com/usn/USN-772-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0757 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-772-1 May 07, 2009 mpfr vulnerability CVE-2009-0757 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: lib64mpfr1 2.4.0-1ubuntu3.1 libmpfr1ldbl 2.4.0-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that MPFR improperly handled string lengths in its print routines. 
If a user or automated system were tricked into processing specially crafted data with applications linked against MPFR, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.</div> </div> </div> </div> usn Thu, 07 May 2009 18:30:45 +0000 MarcDeslauriers 1900 at http://www.ubuntu.com USN-771-1: libmodplug vulnerabilities http://www.ubuntu.com/usn/USN-771-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-1438, CVE-2009-1513 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-771-1 May 07, 2009 libmodplug vulnerabilities CVE-2009-1438, CVE-2009-1513 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libmodplug0c2 1:0.7-5ubuntu0.6.06.2 Ubuntu 8.04 LTS: libmodplug0c2 1:0.7-7ubuntu0.8.04.1 Ubuntu 8.10: libmodplug0c2 1:0.7-7ubuntu0.8.10.1 Ubuntu 9.04: libmodplug0c2 1:0.8.4-3ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. 
(CVE-2009-1438) Manfred Tremmel and Stanislav Brabec discovered that libmodplug did not correctly handle long instrument names when parsing PAT sample files. If a user or automated system were tricked into opening a crafted PAT file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-1438)</div> </div> </div> </div> usn Thu, 07 May 2009 18:29:53 +0000 MarcDeslauriers 1899 at http://www.ubuntu.com USN-770-1: ClamAV vulnerability http://www.ubuntu.com/usn/USN-770-1 <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-770-1 May 04, 2009 clamav vulnerability https://launchpad.net/bugs/365823 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: clamav-milter 0.95.1+dfsg-1ubuntu1.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in the clamav-milter initscript which caused the ownership of the current working directory to be changed to the 'clamav' user. This update attempts to repair the incorrect ownership for standard system directories, but it is recommended that the following command be performed to report any other directories that may be affected: $ sudo find -H / -type d -user clamav \! 
-group clamav 2&gt;/dev/null Systems configured to run clamav as a user other than the default 'clamav' user will need to adjust the above command accordingly.</div> </div> </div> </div> usn Mon, 04 May 2009 22:59:05 +0000 JamesStrandboge 1898 at http://www.ubuntu.com USN-769-1: libwmf vulnerability http://www.ubuntu.com/usn/USN-769-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-1364 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-769-1 May 04, 2009 libwmf vulnerability CVE-2009-1364 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libwmf0.2-7 0.2.8.3-3.1ubuntu0.2 Ubuntu 8.04 LTS: libwmf0.2-7 0.2.8.4-6ubuntu0.8.04.1 Ubuntu 8.10: libwmf0.2-7 0.2.8.4-6ubuntu0.8.10.1 Ubuntu 9.04: libwmf0.2-7 0.2.8.4-6ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. 
If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.</div> </div> </div> </div> usn Mon, 04 May 2009 14:49:26 +0000 MarcDeslauriers 1897 at http://www.ubuntu.com USN-768-1: Apport vulnerability http://www.ubuntu.com/usn/usn-768-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-1295 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-768-1 April 29, 2009 Apport vulnerability CVE-2009-1295 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: apport 0.108.4 Ubuntu 8.10: apport 0.119.2 Ubuntu 9.04: apport 1.0-0ubuntu5.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Stephane Chazelas discovered that Apport did not safely remove files from its crash report directory. If Apport had been enabled at some point, a local attacker could remove arbitrary files from the system. 
</div> </div> </div> </div> usn Wed, 29 Apr 2009 22:42:18 +0000 JamesStrandboge 1894 at http://www.ubuntu.com USN-765-1: Firefox and Xulrunner vulnerabilities http://www.ubuntu.com/usn/usn-765-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-1313 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-765-1 April 28, 2009 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2009-1313 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: firefox-3.0 3.0.10+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.10+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: abrowser 3.0.10+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.10+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.10+nobinonly-0ubuntu0.8.10.1 Ubuntu 9.04: abrowser 3.0.10+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.10+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.10+nobinonly-0ubuntu0.9.04.1 After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: It was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. 
</div> </div> </div> </div> usn Tue, 28 Apr 2009 19:28:13 +0000 JamesStrandboge 1893 at http://www.ubuntu.com USN-767-1: FreeType vulnerability http://www.ubuntu.com/usn/USN-767-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0946 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-767-1 April 27, 2009 freetype vulnerability CVE-2009-0946 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.6 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.2 Ubuntu 8.10: libfreetype6 2.3.7-2ubuntu1.1 Ubuntu 9.04: libfreetype6 2.3.9-4ubuntu0.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. 
If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.</div> </div> </div> </div> usn Mon, 27 Apr 2009 21:31:49 +0000 MarcDeslauriers 1892 at http://www.ubuntu.com USN-766-1: acpid vulnerability http://www.ubuntu.com/usn/USN-766-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0798 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-766-1 April 27, 2009 acpid vulnerability CVE-2009-0798 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: acpid 1.0.4-1ubuntu11.2 Ubuntu 8.04 LTS: acpid 1.0.4-5ubuntu9.3 Ubuntu 8.10: acpid 1.0.6-9ubuntu4.8.10.2 Ubuntu 9.04: acpid 1.0.6-9ubuntu4.9.04.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that acpid did not properly handle a large number of connections. 
A local user could exploit this and monopolize CPU resources, leading to a denial of service.</div> </div> </div> </div> usn Mon, 27 Apr 2009 21:30:46 +0000 MarcDeslauriers 1891 at http://www.ubuntu.com USN-761-2: PHP vulnerabilities http://www.ubuntu.com/usn/USN-761-2 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2008-5814, CVE-2009-1271 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-761-2 April 27, 2009 php5 vulnerabilities CVE-2008-5814, CVE-2009-1271 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: libapache2-mod-php5 5.2.6.dfsg.1-3ubuntu4.1 php5-cgi 5.2.6.dfsg.1-3ubuntu4.1 php5-cli 5.2.6.dfsg.1-3ubuntu4.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-761-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. 
(CVE-2008-5814) It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10. (CVE-2009-1271)</div> </div> </div> </div> usn Mon, 27 Apr 2009 21:29:40 +0000 MarcDeslauriers 1890 at http://www.ubuntu.com USN-764-1: Firefox and Xulrunner vulnerabilities http://www.ubuntu.com/usn/usn-764-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-764-1 April 23, 2009 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: firefox-3.0 3.0.9+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.9+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: abrowser 3.0.9+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.9+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.9+nobinonly-0ubuntu0.8.10.1 Ubuntu 9.04: abrowser 3.0.9+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.9+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.9+nobinonly-0ubuntu0.9.04.1 After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: Several flaws were discovered in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) It was discovered that Firefox displayed certain Unicode characters which could be visually confused with punctuation in valid web addresses in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-0652) Several flaws were discovered in the way Firefox processed malformed URI schemes. If a user were tricked into viewing a malicious website, a remote attacker could execute arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1310, CVE-2009-1312) Cefn Hoile discovered Firefox did not adequately protect against embedded third-party stylesheets. An attacker could exploit this to perform script injection attacks using XBL bindings. (CVE-2009-1308) Paolo Amadini discovered that Firefox would submit POST data when reloading an inner frame of a web page. If a user were tricked into viewing a malicious website, a remote attacker could steal private data. 
(CVE-2009-1311) </div> </div> </div> </div> usn Thu, 23 Apr 2009 02:12:00 +0000 JamesStrandboge 1877 at http://www.ubuntu.com USN-763-1: xine-lib vulnerabilities http://www.ubuntu.com/usn/USN-763-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0698, CVE-2009-1274 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-763-1 April 20, 2009 xine-lib vulnerabilities CVE-2009-0698, CVE-2009-1274 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.12 Ubuntu 8.04 LTS: libxine1 1.1.11.1-1ubuntu3.4 Ubuntu 8.10: libxine1 1.1.15-0ubuntu3.3 After a standard system upgrade you need to restart applications linked against xine-lib, such as Totem-xine and Amarok, to effect the necessary changes. Details follow: It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2009-1274) USN-746-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete. This update corrects the problem. 
Original advisory details: It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0698)</div> </div> </div> </div> usn Mon, 20 Apr 2009 21:43:01 +0000 MarcDeslauriers 1876 at http://www.ubuntu.com USN-761-1: PHP vulnerabilities http://www.ubuntu.com/usn/USN-761-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2008-5814, CVE-2009-0754, CVE-2009-1271 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-761-1 April 20, 2009 php5 vulnerabilities CVE-2008-5814, CVE-2009-0754, CVE-2009-1271 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libapache2-mod-php5 5.1.2-1ubuntu3.14 php5-cgi 5.1.2-1ubuntu3.14 php5-cli 5.1.2-1ubuntu3.14 Ubuntu 8.04 LTS: libapache2-mod-php5 5.2.4-2ubuntu5.6 php5-cgi 5.2.4-2ubuntu5.6 php5-cli 5.2.4-2ubuntu5.6 Ubuntu 8.10: libapache2-mod-php5 5.2.6-2ubuntu4.2 php5-cgi 5.2.6-2ubuntu4.2 php5-cli 5.2.6-2ubuntu4.2 In general, a standard system upgrade is sufficient to effect the necessary changes. 
Details follow: It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2008-5814) It was discovered that PHP did not properly handle the mbstring.func_overload setting within .htaccess files when using virtual hosts. A virtual host administrator could use this flaw to cause settings to be applied to other virtual hosts on the same server. (CVE-2009-0754) It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10. 
(CVE-2009-1271)</div> </div> </div> </div> usn Mon, 20 Apr 2009 21:41:59 +0000 MarcDeslauriers 1875 at http://www.ubuntu.com USN-762-1: APT vulnerabilities http://www.ubuntu.com/usn/usn-762-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-1300 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-762-1 April 20, 2009 apt vulnerabilities CVE-2009-1300, https://launchpad.net/bugs/356012 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apt 0.6.43.3ubuntu3.1 Ubuntu 8.04 LTS: apt 0.7.9ubuntu17.2 Ubuntu 8.10: apt 0.7.14ubuntu6.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Alexandre Martani discovered that the APT daily cron script did not check the return code of the date command. If a machine is configured for automatic updates and is in a time zone where DST occurs at midnight, under certain circumstances automatic updates might not be applied and could become permanently disabled. (CVE-2009-1300) Michael Casadevall discovered that APT did not properly verify repositories signed with a revoked or expired key. If a repository were signed with only an expired or revoked key and the signature was otherwise valid, APT would consider the repository valid. 
(https://launchpad.net/bugs/356012) </div> </div> </div> </div> usn Mon, 20 Apr 2009 21:36:21 +0000 JamesStrandboge 1874 at http://www.ubuntu.com USN-760-1: CUPS vulnerability http://www.ubuntu.com/usn/usn-760-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0163 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-760-1 April 16, 2009 cups, cupsys vulnerability CVE-2009-0163 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libcupsimage2 1.2.2-0ubuntu0.6.06.13 Ubuntu 7.10: libcupsimage2 1.3.2-1ubuntu7.10 Ubuntu 8.04 LTS: libcupsimage2 1.3.7-1ubuntu3.4 Ubuntu 8.10: libcupsimage2 1.3.9-2ubuntu9.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that CUPS did not properly check the height of TIFF images. If a user or automated system were tricked into opening a crafted TIFF image file, a remote attacker could cause a denial of service or possibly execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. 
</div> </div> </div> </div> usn Thu, 16 Apr 2009 21:28:14 +0000 JamesStrandboge 1867 at http://www.ubuntu.com USN-759-1: poppler vulnerabilities http://www.ubuntu.com/usn/USN-759-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-759-1 April 16, 2009 poppler vulnerabilities CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.5 libpoppler1-glib 0.5.1-0ubuntu7.5 Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.2 libpoppler2 0.6.4-1ubuntu3.2 Ubuntu 8.10: libpoppler-glib3 0.8.7-1ubuntu0.2 libpoppler3 0.8.7-1ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that poppler contained multiple security issues in its JBIG2 decoder. 
If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.</div> </div> </div> </div> usn Thu, 16 Apr 2009 21:26:02 +0000 MarcDeslauriers 1866 at http://www.ubuntu.com USN-758-1: udev vulnerabilities http://www.ubuntu.com/usn/usn-758-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-1185, CVE-2009-1186 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-758-1 April 15, 2009 udev vulnerabilities CVE-2009-1185, CVE-2009-1186 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: udev 079-0ubuntu35.1 Ubuntu 7.10: udev 113-0ubuntu17.2 Ubuntu 8.04 LTS: udev 117-8ubuntu0.2 Ubuntu 8.10: udev 124-9ubuntu0.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. (CVE-2009-1185) Sebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service. 
(CVE-2009-1186) </div> </div> </div> </div> usn Wed, 15 Apr 2009 17:07:15 +0000 KeesCook 1863 at http://www.ubuntu.com USN-757-1: Ghostscript vulnerabilities http://www.ubuntu.com/usn/USN-757-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-757-1 April 15, 2009 ghostscript, gs-esp, gs-gpl vulnerabilities CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gs-esp 8.15.2.dfsg.0ubuntu1-0ubuntu1.2 gs-gpl 8.15-4ubuntu3.3 Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.2 Ubuntu 8.10: libgs8 8.63.dfsg.1-0ubuntu6.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2007-6725) It was discovered that Ghostscript contained a buffer overflow in the BaseFont writer module. 
If a user or automated system were tricked into opening a crafted PostScript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2008-6679)

It was discovered that Ghostscript contained additional integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted PostScript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0792)

Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the jbig2dec library. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0196)

USN-743-1 provided updated ghostscript and gs-gpl packages to fix two security vulnerabilities. This update corrects the same vulnerabilities in the gs-esp package.

Original advisory details:

It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted PostScript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0583)

It was discovered that Ghostscript did not properly perform bounds checking in its ICC color management library. If a user or automated system were tricked into opening a crafted PostScript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
(CVE-2009-0584)</div> </div> </div> </div> usn Wed, 15 Apr 2009 14:47:15 +0000 MarcDeslauriers 1862 at http://www.ubuntu.com USN-756-1: ClamAV vulnerability http://www.ubuntu.com/usn/usn-756-1 <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-756-1 April 13, 2009 clamav vulnerability https://launchpad.net/bugs/360502 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libclamav5 0.94.dfsg.2-1ubuntu0.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that ClamAV did not properly verify buffers when processing Upack files. A remote attacker could send a crafted file and cause a denial of service via application crash. 
</div> </div> </div> </div> usn Mon, 13 Apr 2009 18:59:06 +0000 JamesStrandboge 1861 at http://www.ubuntu.com USN-755-1: Kerberos vulnerabilities http://www.ubuntu.com/usn/usn-755-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-755-1 April 07, 2009 krb5 vulnerabilities CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libkadm55 1.4.3-5ubuntu0.8 libkrb53 1.4.3-5ubuntu0.8 Ubuntu 7.10: libkadm55 1.6.dfsg.1-7ubuntu0.2 libkrb53 1.6.dfsg.1-7ubuntu0.2 Ubuntu 8.04 LTS: libkadm55 1.6.dfsg.3~beta1-2ubuntu1.1 libkrb53 1.6.dfsg.3~beta1-2ubuntu1.1 Ubuntu 8.10: libkadm55 1.6.dfsg.4~beta1-3ubuntu0.1 libkrb53 1.6.dfsg.4~beta1-3ubuntu0.1 After a standard system upgrade you need to restart any services using the Kerberos libraries to effect the necessary changes. Details follow: Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routines that did not correctly handle certain requests. An unauthenticated remote attacker could send specially crafted traffic to crash services using the Kerberos library, leading to a denial of service. 
</div> </div> </div> </div> usn Tue, 07 Apr 2009 23:34:38 +0000 KeesCook 1848 at http://www.ubuntu.com USN-754-1: ClamAV vulnerabilities http://www.ubuntu.com/usn/usn-754-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2008-6680, CVE-2009-1270 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-754-1 April 07, 2009 clamav vulnerabilities CVE-2008-6680, CVE-2009-1270 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libclamav5 0.94.dfsg.2-1ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. (CVE-2009-1270) It was discovered that ClamAV did not properly validate Portable Executable (PE) files. A remote attacker could send a crafted PE file and cause a denial of service (divide by zero). 
(CVE-2008-6680) </div> </div> </div> </div> usn Tue, 07 Apr 2009 19:32:01 +0000 JamesStrandboge 1847 at http://www.ubuntu.com USN-752-1: Linux kernel vulnerabilities http://www.ubuntu.com/usn/usn-752-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0029, CVE-2009-0065, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-752-1 April 07, 2009 linux-source-2.6.15 vulnerabilities CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0029, CVE-2009-0065, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  linux-image-2.6.15-54-386 2.6.15-54.76
  linux-image-2.6.15-54-686 2.6.15-54.76
  linux-image-2.6.15-54-amd64-generic 2.6.15-54.76
  linux-image-2.6.15-54-amd64-k8 2.6.15-54.76
  linux-image-2.6.15-54-amd64-server 2.6.15-54.76
  linux-image-2.6.15-54-amd64-xeon 2.6.15-54.76
  linux-image-2.6.15-54-hppa32 2.6.15-54.76
  linux-image-2.6.15-54-hppa32-smp 2.6.15-54.76
  linux-image-2.6.15-54-hppa64 2.6.15-54.76
  linux-image-2.6.15-54-hppa64-smp 2.6.15-54.76
  linux-image-2.6.15-54-itanium 2.6.15-54.76
  linux-image-2.6.15-54-itanium-smp 2.6.15-54.76
  linux-image-2.6.15-54-k7 2.6.15-54.76
  linux-image-2.6.15-54-mckinley 2.6.15-54.76
  linux-image-2.6.15-54-mckinley-smp 2.6.15-54.76
  linux-image-2.6.15-54-powerpc 2.6.15-54.76
  linux-image-2.6.15-54-powerpc-smp 2.6.15-54.76
  linux-image-2.6.15-54-powerpc64-smp 2.6.15-54.76
  linux-image-2.6.15-54-server 2.6.15-54.76
  linux-image-2.6.15-54-server-bigiron 2.6.15-54.76
  linux-image-2.6.15-54-sparc64 2.6.15-54.76
  linux-image-2.6.15-54-sparc64-smp 2.6.15-54.76

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

Details follow:

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. (CVE-2008-4307)

Sparc syscalls did not correctly check mmap regions.
A local attacker could cause a system panic, leading to a denial of service. (CVE-2008-6107)

In certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028)

The 64-bit syscall interfaces did not correctly handle sign extension. A local attacker could make malicious syscalls, possibly gaining root privileges. The x86_64 architecture was not affected. (CVE-2009-0029)

The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)

The Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322)

Network interface statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675)

The getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. (CVE-2009-0676)

The syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restrictions via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)

The shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default.
(CVE-2009-0859) </div> </div> </div> </div> usn Tue, 07 Apr 2009 17:36:55 +0000 KeesCook 1846 at http://www.ubuntu.com USN-753-1: PostgreSQL vulnerability http://www.ubuntu.com/usn/USN-753-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0922 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn">=========================================================== Ubuntu Security Notice USN-753-1 April 07, 2009 postgresql-8.1, postgresql-8.3 vulnerability CVE-2009-0922 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postgresql-8.1 8.1.17-0ubuntu0.6.06.1 Ubuntu 8.04 LTS: postgresql-8.3 8.3.7-0ubuntu8.04.1 Ubuntu 8.10: postgresql-8.3 8.3.7-0ubuntu8.10.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that PostgreSQL did not properly handle encoding conversion failures. 
An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service.</div> </div> </div> </div> usn Tue, 07 Apr 2009 15:46:16 +0000 MarcDeslauriers 1845 at http://www.ubuntu.com USN-751-1: Linux kernel vulnerabilities http://www.ubuntu.com/usn/usn-751-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0605, CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859, CVE-2009-1046 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-751-1 April 07, 2009 linux, linux-source-2.6.22 vulnerabilities CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0605, CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859, CVE-2009-1046 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10:
  linux-image-2.6.22-16-386 2.6.22-16.62
  linux-image-2.6.22-16-cell 2.6.22-16.62
  linux-image-2.6.22-16-generic 2.6.22-16.62
  linux-image-2.6.22-16-hppa32 2.6.22-16.62
  linux-image-2.6.22-16-hppa64 2.6.22-16.62
  linux-image-2.6.22-16-itanium 2.6.22-16.62
  linux-image-2.6.22-16-lpia 2.6.22-16.62
  linux-image-2.6.22-16-lpiacompat 2.6.22-16.62
  linux-image-2.6.22-16-mckinley 2.6.22-16.62
  linux-image-2.6.22-16-powerpc 2.6.22-16.62
  linux-image-2.6.22-16-powerpc-smp 2.6.22-16.62
  linux-image-2.6.22-16-powerpc64-smp 2.6.22-16.62
  linux-image-2.6.22-16-rt 2.6.22-16.62
  linux-image-2.6.22-16-server 2.6.22-16.62
  linux-image-2.6.22-16-sparc64 2.6.22-16.62
  linux-image-2.6.22-16-sparc64-smp 2.6.22-16.62
  linux-image-2.6.22-16-ume 2.6.22-16.62
  linux-image-2.6.22-16-virtual 2.6.22-16.62
  linux-image-2.6.22-16-xen 2.6.22-16.62

Ubuntu 8.04 LTS:
  linux-image-2.6.24-23-386 2.6.24-23.52
  linux-image-2.6.24-23-generic 2.6.24-23.52
  linux-image-2.6.24-23-hppa32 2.6.24-23.52
  linux-image-2.6.24-23-hppa64 2.6.24-23.52
  linux-image-2.6.24-23-itanium 2.6.24-23.52
  linux-image-2.6.24-23-lpia 2.6.24-23.52
  linux-image-2.6.24-23-lpiacompat 2.6.24-23.52
  linux-image-2.6.24-23-mckinley 2.6.24-23.52
  linux-image-2.6.24-23-openvz 2.6.24-23.52
  linux-image-2.6.24-23-powerpc 2.6.24-23.52
  linux-image-2.6.24-23-powerpc-smp 2.6.24-23.52
  linux-image-2.6.24-23-powerpc64-smp 2.6.24-23.52
  linux-image-2.6.24-23-rt 2.6.24-23.52
  linux-image-2.6.24-23-server 2.6.24-23.52
  linux-image-2.6.24-23-sparc64 2.6.24-23.52
  linux-image-2.6.24-23-sparc64-smp 2.6.24-23.52
  linux-image-2.6.24-23-virtual 2.6.24-23.52
  linux-image-2.6.24-23-xen 2.6.24-23.52

Ubuntu 8.10:
  linux-image-2.6.27-11-generic 2.6.27-11.31
  linux-image-2.6.27-11-server 2.6.27-11.31
  linux-image-2.6.27-11-virtual 2.6.27-11.31

After a standard system upgrade you need to reboot your computer to effect the necessary changes.
Details follow:

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307)

Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-6107)

In certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. (CVE-2009-0028)

The kernel keyring did not free memory correctly. A local attacker could consume unlimited kernel memory, leading to a denial of service. (CVE-2009-0031)

The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)

The eCryptfs filesystem did not correctly handle certain VFS return codes. A local attacker with write access to an eCryptfs filesystem could cause a system crash, leading to a denial of service. (CVE-2009-0269)

The Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. (CVE-2009-0322)

The page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered. Only Ubuntu 8.10 was affected. (CVE-2009-0605)

Network interface statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. (CVE-2009-0675)

The getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy.
(CVE-2009-0676)

The ext4 filesystem did not correctly clear group descriptors when resizing. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-0745)

The ext4 filesystem did not correctly validate certain fields. A local attacker could mount a malicious ext4 filesystem, causing a system crash, leading to a denial of service. (CVE-2009-0746, CVE-2009-0747, CVE-2009-0748)

The syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restrictions via crafted syscalls. (CVE-2009-0834, CVE-2009-0835)

The shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default. (CVE-2009-0859)

The virtual consoles did not correctly handle certain UTF-8 sequences. A local attacker on the physical console could exploit this to cause a system crash, leading to a denial of service.
(CVE-2009-1046) </div> </div> </div> </div> usn Tue, 07 Apr 2009 00:04:16 +0000 KeesCook 1844 at http://www.ubuntu.com USN-750-1: OpenSSL vulnerability http://www.ubuntu.com/usn/usn-750-1 <div class="field field-type-text field-field-referenced-cves"> <div class="field-label">Referenced CVEs:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> CVE-2009-0590 </div> </div> </div> <div class="field field-type-text field-field-description"> <div class="field-label">Description:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <div class="usn"> =========================================================== Ubuntu Security Notice USN-750-1 March 30, 2009 openssl vulnerability CVE-2009-0590 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.7 Ubuntu 7.10: libssl0.9.8 0.9.8e-5ubuntu3.4 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.5 Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL. </div> </div> </div> </div> usn Mon, 30 Mar 2009 23:23:14 +0000 JamesStrandboge 1841 at http://www.ubuntu.com