Posts Tagged ‘software description’
NetworkManager vulnerability
Posted by: Collector in Ubuntu-Security-Announce on June 27th, 2012
==========================================================================
Ubuntu Security Notice USN-1483-1
June 27, 2012
network-manager vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
NetworkManager could create insecure AdHoc wireless networks.
Software Description:
- network-manager: Network connection manager
Details:
It was discovered that certain wireless drivers incorrectly handled the
creation of WPA-secured AdHoc connections. This could result in AdHoc
wireless connections being created without any security at all. This update
removes WPA as a security choice for AdHoc connections in NetworkManager.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
network-manager 0.9.1.90-0ubuntu5.2
Ubuntu 11.04:
network-manager 0.8.4~git.20110319t175609.d14809b-0ubuntu3.1
Ubuntu 10.04 LTS:
network-manager 0.8-0ubuntu3.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1483-1
CVE-2012-2736
Package Information:
https://launchpad.net/ubuntu/+source/network-manager/0.9.1.90-0ubuntu5.2
https://launchpad.net/ubuntu/+source/network-manager/0.8.4~git.20110319t175609.d14809b-0ubuntu3.1
https://launchpad.net/ubuntu/+source/network-manager/0.8-0ubuntu3.3
ClamAV regression
Posted by: Collector in Ubuntu-Security-Announce on June 19th, 2012
==========================================================================
Ubuntu Security Notice USN-1482-2
June 20, 2012
clamav regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
ClamAV could improperly detect malware if it opened a specially crafted file.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail
to install in certain situations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ClamAV incorrectly handled certain malformed TAR
archives. A remote attacker could create a specially-crafted TAR file
containing malware that could escape being detected. (CVE-2012-1457,
CVE-2012-1459)
It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could create a specially-crafted CHM file
containing malware that could escape being detected. (CVE-2012-1458)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
clamav 0.97.5+dfsg-1ubuntu0.12.04.2
clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2
libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2
Ubuntu 11.10:
clamav 0.97.5+dfsg-1ubuntu0.11.10.2
clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2
libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2
Ubuntu 11.04:
clamav 0.97.5+dfsg-1ubuntu0.11.04.2
clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2
libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1482-2
http://www.ubuntu.com/usn/usn-1482-1
https://launchpad.net/bugs/1015337
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2
ClamAV vulnerabilities
Posted by: Collector in Ubuntu-Security-Announce on June 19th, 2012
==========================================================================
Ubuntu Security Notice USN-1482-1
June 19, 2012
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
ClamAV could improperly detect malware if it opened a specially crafted
file.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled certain malformed TAR
archives. A remote attacker could create a specially-crafted TAR file
containing malware that could escape being detected. (CVE-2012-1457,
CVE-2012-1459)
It was discovered that ClamAV incorrectly handled certain malformed CHM
files. A remote attacker could create a specially-crafted CHM file
containing malware that could escape being detected. (CVE-2012-1458)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
clamav 0.97.5+dfsg-1ubuntu0.12.04.1
clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1
libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1
Ubuntu 11.10:
clamav 0.97.5+dfsg-1ubuntu0.11.10.1
clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1
libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1
Ubuntu 11.04:
clamav 0.97.5+dfsg-1ubuntu0.11.04.1
clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1
libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1
Ubuntu 10.04 LTS:
clamav 0.96.5+dfsg-1ubuntu1.10.04.4
clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4
libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1482-1
CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
Package Information:
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4
APT vulnerability
Posted by: Collector in Ubuntu-Users on June 15th, 2012
==========================================================================
Ubuntu Security Notice USN-1477-1
June 15, 2012
apt vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
An attacker could trick APT into installing altered packages.
Software Description:
- apt: Advanced front-end for dpkg
Details:
Georgi Guninski discovered that APT did not properly validate imported
keyrings via apt-key net-update. USN-1475-1 added additional verification
for imported keyrings, but it was insufficient. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could potentially be
used to install altered packages. This update corrects the issue by
disabling the net-update option completely. A future update will re-enable
the option with corrected verification.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
apt 0.8.16~exp12ubuntu10.2
Ubuntu 11.10:
apt 0.8.16~exp5ubuntu13.5
Ubuntu 11.04:
apt 0.8.13.2ubuntu4.6
Ubuntu 10.04 LTS:
apt 0.7.25.3ubuntu9.13
Ubuntu 8.04 LTS:
apt 0.7.9ubuntu17.6
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1477-1
CVE-2012-0954
Package Information:
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.2
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp5ubuntu13.5
https://launchpad.net/ubuntu/+source/apt/0.8.13.2ubuntu4.6
https://launchpad.net/ubuntu/+source/apt/0.7.25.3ubuntu9.13
https://launchpad.net/ubuntu/+source/apt/0.7.9ubuntu17.6
Linux kernel vulnerability
Posted by: Collector in Ubuntu-Users on June 12th, 2012
==========================================================================
Ubuntu Security Notice USN-1468-1
June 12, 2012
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Software Description:
- linux: Linux kernel
Details:
Schacher Raindel discovered a flaw in the Linux kernel’s memory handling
when hugetlb is enabled. An unprivileged local attacker could exploit this
flaw to cause a denial of service and potentially gain higher privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-41-386 2.6.32-41.90
linux-image-2.6.32-41-generic 2.6.32-41.90
linux-image-2.6.32-41-generic-pae 2.6.32-41.90
linux-image-2.6.32-41-ia64 2.6.32-41.90
linux-image-2.6.32-41-lpia 2.6.32-41.90
linux-image-2.6.32-41-powerpc 2.6.32-41.90
linux-image-2.6.32-41-powerpc-smp 2.6.32-41.90
linux-image-2.6.32-41-powerpc64-smp 2.6.32-41.90
linux-image-2.6.32-41-preempt 2.6.32-41.90
linux-image-2.6.32-41-server 2.6.32-41.90
linux-image-2.6.32-41-sparc64 2.6.32-41.90
linux-image-2.6.32-41-sparc64-smp 2.6.32-41.90
linux-image-2.6.32-41-versatile 2.6.32-41.90
linux-image-2.6.32-41-virtual 2.6.32-41.90
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1468-1
CVE-2012-2133
Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-41.90
Update Manager vulnerability
Posted by: Collector in Ubuntu-Security-Announce on June 4th, 2012
==========================================================================
Ubuntu Security Notice USN-1443-2
June 04, 2012
update-manager vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
Update Manager could expose sensitive information in certain circumstances.
Software Description:
- update-manager: GNOME application that manages apt updates
Details:
USN-1443-1 fixed vulnerabilities in Update Manager. The fix for
CVE-2012-0949 was discovered to be incomplete. This update fixes the
problem.
Original advisory details:
Felix Geyer discovered that the Update Manager Apport hook incorrectly
uploaded certain system state archive files to Launchpad when reporting
bugs. This could possibly result in repository credentials being included
in public bug reports. (CVE-2012-0949)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
update-manager-core 1:0.156.14.5
Ubuntu 11.10:
update-manager-core 1:0.152.25.12
Ubuntu 11.04:
update-manager-core 1:0.150.5.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1443-2
http://www.ubuntu.com/usn/usn-1443-1
CVE-2012-0950
Package Information:
https://launchpad.net/ubuntu/+source/update-manager/1:0.156.14.5
https://launchpad.net/ubuntu/+source/update-manager/1:0.152.25.12
https://launchpad.net/ubuntu/+source/update-manager/1:0.150.5.4
Linux kernel (OMAP4) vulnerabilities
Posted by: Collector in Ubuntu-Security-Announce on May 31st, 2012
==========================================================================
Ubuntu Security Notice USN-1458-1
May 31, 2012
linux-ti-omap4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
A flaw was found in the Linux kernel’s ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)
A flaw was discovered in the Linux kernel’s cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)
H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)
A flaw was discovered in the Linux kernel’s cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)
A flaw was found in the Linux kernel’s ext4 file system when mounting a
corrupt filesystem. A user-assisted remote attacker could exploit this flaw
to cause a denial of service. (CVE-2012-2100)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
linux-image-2.6.38-1209-omap4 2.6.38-1209.24
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1458-1
CVE-2011-4086, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146,
CVE-2012-2100
Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.24
Linux kernel vulnerability
Posted by: Collector in Ubuntu-Users on May 25th, 2012
==========================================================================
Ubuntu Security Notice USN-1454-1
May 25, 2012
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
Summary:
The system could be made to crash or become unresponsive under certain
conditions.
Software Description:
- linux: Linux kernel
Details:
A flaw was found in the Linux kernel’s ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 8.04 LTS:
linux-image-2.6.24-31-386 2.6.24-31.101
linux-image-2.6.24-31-generic 2.6.24-31.101
linux-image-2.6.24-31-hppa32 2.6.24-31.101
linux-image-2.6.24-31-hppa64 2.6.24-31.101
linux-image-2.6.24-31-itanium 2.6.24-31.101
linux-image-2.6.24-31-lpia 2.6.24-31.101
linux-image-2.6.24-31-lpiacompat 2.6.24-31.101
linux-image-2.6.24-31-mckinley 2.6.24-31.101
linux-image-2.6.24-31-openvz 2.6.24-31.101
linux-image-2.6.24-31-powerpc 2.6.24-31.101
linux-image-2.6.24-31-powerpc-smp 2.6.24-31.101
linux-image-2.6.24-31-powerpc64-smp 2.6.24-31.101
linux-image-2.6.24-31-rt 2.6.24-31.101
linux-image-2.6.24-31-server 2.6.24-31.101
linux-image-2.6.24-31-sparc64 2.6.24-31.101
linux-image-2.6.24-31-sparc64-smp 2.6.24-31.101
linux-image-2.6.24-31-virtual 2.6.24-31.101
linux-image-2.6.24-31-xen 2.6.24-31.101
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1454-1
CVE-2011-4086
Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.24-31.101
feedparser vulnerability
Posted by: Collector in Ubuntu-Security-Announce on May 22nd, 2012
==========================================================================
Ubuntu Security Notice USN-1449-1
May 22, 2012
feedparser vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Applications using feedparser could be made to crash if they fetched a
specially crafted feed.
Software Description:
- feedparser: Universal Feed Parser for Python
Details:
It was discovered that feedparser did not properly sanitize ENTITY
declarations in encoded fields. A remote attacker could exploit this to
cause a denial of service via memory exhaustion.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
python-feedparser 5.1-0ubuntu3.1
python3-feedparser 5.1-0ubuntu3.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1449-1
CVE-2012-2921
Package Information:
https://launchpad.net/ubuntu/+source/feedparser/5.1-0ubuntu3.1
libxml2 vulnerability
Posted by: Collector in Ubuntu-Security-Announce on May 21st, 2012
==========================================================================
Ubuntu Security Notice USN-1447-1
May 21, 2012
libxml2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxml2 could be made to crash or run programs as your
login if they opened a specially crafted file.
Software Description:
- libxml2: GNOME XML library
Details:
Juri Aedla discovered that libxml2 contained an off-by-one error in its
XPointer functionality. If a user or application linked against libxml2
were tricked into opening a specially crafted XML file, an attacker could
cause the application to crash or possibly execute arbitrary code with the
privileges of the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.1
Ubuntu 11.10:
libxml2 2.7.8.dfsg-4ubuntu0.3
Ubuntu 11.04:
libxml2 2.7.8.dfsg-2ubuntu0.4
Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.5
Ubuntu 8.04 LTS:
libxml2 2.6.31.dfsg-2ubuntu1.9
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1447-1
CVE-2011-3102
Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.1
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.3
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-2ubuntu0.4
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.5
https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.9