USN-784-1: ImageMagick vulnerability

Referenced CVEs: 
CVE-2009-1882
Description: 
===========================================================
Ubuntu Security Notice USN-784-1              June 09, 2009
imagemagick vulnerability
CVE-2009-1882
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libmagick9 6:6.2.4.5-0.6ubuntu0.9

Ubuntu 8.04 LTS:
  libmagick10 7:6.3.7.9.dfsg1-2ubuntu1.1

Ubuntu 8.10:
  libmagick10 7:6.3.7.9.dfsg1-2ubuntu3.1

Ubuntu 9.04:
  libmagickcore1 7:6.4.5.4.dfsg1-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

USN-783-1: eCryptfs vulnerability

Referenced CVEs: 
CVE-2009-1296
Description: 
===========================================================
Ubuntu Security Notice USN-783-1              June 08, 2009
ecryptfs-utils vulnerability
CVE-2009-1296
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
  ecryptfs-utils 73-0ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk, potentially leading to a loss of privacy.

USN-781-2: Gaim vulnerabilities

Referenced CVEs: 
CVE-2009-1373, CVE-2009-1376
Description: 
===========================================================
Ubuntu Security Notice USN-781-2              June 03, 2009
gaim vulnerabilities
CVE-2009-1373, CVE-2009-1376
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  gaim 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2

After a standard system upgrade you need to restart Gaim to effect the necessary changes.

Details follow:

It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)

It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)

USN-781-1: Pidgin vulnerabilities

Referenced CVEs: 
CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
Description: 
===========================================================
Ubuntu Security Notice USN-781-1              June 03, 2009
pidgin vulnerabilities
CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  pidgin 1:2.4.1-1ubuntu2.4

Ubuntu 8.10:
  pidgin 1:2.5.2-0ubuntu1.2

Ubuntu 9.04:
  pidgin 1:2.5.5-1ubuntu8.1

After a standard system upgrade you need to restart Pidgin to effect the necessary changes.

Details follow:

It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)

It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374)

It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375)

It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)

USN-780-1: CUPS vulnerability

Referenced CVEs: 
CVE-2009-0949
Description: 
===========================================================
Ubuntu Security Notice USN-780-1              June 03, 2009
cups, cupsys vulnerability
CVE-2009-0949
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  cupsys 1.2.2-0ubuntu0.6.06.14

Ubuntu 8.04 LTS:
  cupsys 1.3.7-1ubuntu3.5

Ubuntu 8.10:
  cups 1.3.9-2ubuntu9.2

Ubuntu 9.04:
  cups 1.3.9-17ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service.

Canonical announces support for Moblin v2

Ubuntu(R) sponsor confirms intention to deliver an Ubuntu Moblin remix

Intel Classmate PC running UNR

Canonical delivers next generation of Ubuntu for Intel-powered classmate PCs

Intel-powered, education-oriented affordable netbooks

Computex, Taipei, June 2, 2009: Canonical, the commercial sponsor of Ubuntu, today announced that it has reached an agreement with Intel Corporation to deliver Ubuntu as an operating system for the Intel-powered classmate PCs.

Sandisk collaborates to improve SSDs on Ubuntu netbooks

Canonical announces detail of collaboration with SanDisk to better support Ubuntu

Ubuntu sponsor and leading solid state drive manufacturer share expertise to provide better Linux experience on both netbooks and laptops

USN-778-1: cron vulnerability

Referenced CVEs: 
CVE-2006-2607
Description: 
===========================================================
Ubuntu Security Notice USN-778-1              June 01, 2009
cron vulnerability
CVE-2006-2607
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  cron 3.0pl1-92ubuntu1.1

Ubuntu 8.04 LTS:
  cron 3.0pl1-100ubuntu2.1

Ubuntu 8.10:
  cron 3.0pl1-104+ubuntu5.1

Ubuntu 9.04:
  cron 3.0pl1-105ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that cron did not properly check the return code of the setgid() and initgroups() system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid() check referred to by CVE-2006-2607.

USN-777-1: Ntp vulnerabilities

Referenced CVEs: 
CVE-2009-0159, CVE-2009-1252
Description: 
===========================================================
Ubuntu Security Notice USN-777-1               May 19, 2009
ntp vulnerabilities
CVE-2009-0159, CVE-2009-1252
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  ntp 1:4.2.0a+stable-8.1ubuntu6.2
  ntp-server 1:4.2.0a+stable-8.1ubuntu6.2

Ubuntu 8.04 LTS:
  ntp 1:4.2.4p4+dfsg-3ubuntu2.2

Ubuntu 8.10:
  ntp 1:4.2.4p4+dfsg-6ubuntu2.3

Ubuntu 9.04:
  ntp 1:4.2.4p4+dfsg-7ubuntu5.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0159)

Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possibly execute arbitrary code. (CVE-2009-1252)