About Ubuntu

=========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3 vulnerability CVE-2009-2288 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: nagios2 2.11-1ubuntu1.5 Ubuntu 8.10: nagios3 3.0.2-1ubuntu1.2 Ubuntu 9.04: nagios3 3.0.6-2ubuntu1.1 After a standard system upgrade you need to restart Nagios to effect the necessary changes. Details follow: It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.

=========================================================== Ubuntu Security Notice USN-794-1 July 02, 2009 libcompress-raw-zlib-perl, perl vulnerability CVE-2009-1391 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libcompress-raw-zlib-perl 2.008-1ubuntu0.1 Ubuntu 8.10: libcompress-raw-zlib-perl 2.011-2ubuntu0.1 perl 5.10.0-11.1ubuntu2.3 Ubuntu 9.04: libcompress-raw-zlib-perl 2.015-1ubuntu0.1 perl 5.10.0-19ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service.

=========================================================== Ubuntu Security Notice USN-793-1 July 02, 2009 linux, linux-source-2.6.15 vulnerabilities CVE-2009-1072, CVE-2009-1184, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1336, CVE-2009-1337, CVE-2009-1338, CVE-2009-1360, CVE-2009-1385, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1914, CVE-2009-1961 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-54-386 2.6.15-54.77 linux-image-2.6.15-54-686 2.6.15-54.77 linux-image-2.6.15-54-amd64-generic 2.6.15-54.77 linux-image-2.6.15-54-amd64-k8 2.6.15-54.77 linux-image-2.6.15-54-amd64-server 2.6.15-54.77 linux-image-2.6.15-54-amd64-xeon 2.6.15-54.77 linux-image-2.6.15-54-hppa32 2.6.15-54.77 linux-image-2.6.15-54-hppa32-smp 2.6.15-54.77 linux-image-2.6.15-54-hppa64 2.6.15-54.77 linux-image-2.6.15-54-hppa64-smp 2.6.15-54.77 linux-image-2.6.15-54-itanium 2.6.15-54.77 linux-image-2.6.15-54-itanium-smp 2.6.15-54.77 linux-image-2.6.15-54-k7 2.6.15-54.77 linux-image-2.6.15-54-mckinley 2.6.15-54.77 linux-image-2.6.15-54-mckinley-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc 2.6.15-54.77 linux-image-2.6.15-54-powerpc-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc64-smp 2.6.15-54.77 linux-image-2.6.15-54-server 2.6.15-54.77 linux-image-2.6.15-54-server-bigiron 2.6.15-54.77 linux-image-2.6.15-54-sparc64 2.6.15-54.77 linux-image-2.6.15-54-sparc64-smp 2.6.15-54.77 Ubuntu 8.04 LTS: linux-image-2.6.24-24-386 2.6.24-24.55 linux-image-2.6.24-24-generic 2.6.24-24.55 linux-image-2.6.24-24-hppa32 2.6.24-24.55 linux-image-2.6.24-24-hppa64 2.6.24-24.55 linux-image-2.6.24-24-itanium 2.6.24-24.55 linux-image-2.6.24-24-lpia 2.6.24-24.55 linux-image-2.6.24-24-lpiacompat 2.6.24-24.55 linux-image-2.6.24-24-mckinley 2.6.24-24.55 linux-image-2.6.24-24-openvz 2.6.24-24.55 linux-image-2.6.24-24-powerpc 2.6.24-24.55 linux-image-2.6.24-24-powerpc-smp 2.6.24-24.55 linux-image-2.6.24-24-powerpc64-smp 2.6.24-24.55 linux-image-2.6.24-24-rt 2.6.24-24.55 linux-image-2.6.24-24-server 2.6.24-24.55 linux-image-2.6.24-24-sparc64 2.6.24-24.55 linux-image-2.6.24-24-sparc64-smp 2.6.24-24.55 linux-image-2.6.24-24-virtual 2.6.24-24.55 linux-image-2.6.24-24-xen 2.6.24-24.55 Ubuntu 8.10: linux-image-2.6.27-14-generic 2.6.27-14.35 linux-image-2.6.27-14-server 2.6.27-14.35 linux-image-2.6.27-14-virtual 2.6.27-14.35 Ubuntu 9.04: linux-image-2.6.28-13-generic 2.6.28-13.45 linux-image-2.6.28-13-imx51 2.6.28-13.45 linux-image-2.6.28-13-iop32x 2.6.28-13.45 linux-image-2.6.28-13-ixp4xx 2.6.28-13.45 linux-image-2.6.28-13-lpia 2.6.28-13.45 linux-image-2.6.28-13-server 2.6.28-13.45 linux-image-2.6.28-13-versatile 2.6.28-13.45 linux-image-2.6.28-13-virtual 2.6.28-13.45 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change for Ubuntu 8.04, 8.10 and 9.04 the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. Details follow: Igor Zhbanov discovered that NFS clients were able to create device nodes even when root_squash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1072) Dan Carpenter discovered that SELinux did not correctly handle certain network checks when running with compat_net=1. A local attacker could exploit this to bypass network checks. Default Ubuntu installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1184) Shaohua Li discovered that memory was not correctly initialized in the AGP subsystem. A local attacker could potentially read kernel memory, leading to a loss of privacy. (CVE-2009-1192) Benjamin Gilbert discovered that the VMX implementation of KVM did not correctly handle certain registers. An attacker in a guest VM could exploit this to cause a host system crash, leading to a denial of service. This only affected 32bit hosts. Ubuntu 6.06 was not affected. (CVE-2009-1242) Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer Protocol did not correctly validate certain fields. A remote attacker could exploit this to read kernel memory, leading to a loss of privacy. (CVE-2009-1265) Trond Myklebust discovered that NFS did not correctly handle certain long filenames. An authenticated remote attacker could exploit this to cause a system crash, leading to a denial of service. Only Ubuntu 6.06 was affected. (CVE-2009-1336) Oleg Nesterov discovered that the kernel did not correctly handle CAP_KILL. A local user could exploit this to send signals to arbitrary processes, leading to a denial of service. (CVE-2009-1337) Daniel Hokka Zakrisson discovered that signal handling was not correctly limited to process namespaces. A local user could bypass namespace restrictions, possibly leading to a denial of service. Only Ubuntu 8.04 was affected. (CVE-2009-1338) Pavel Emelyanov discovered that network namespace support for IPv6 was not correctly handled. A remote attacker could send specially crafted IPv6 traffic that would cause a system crash, leading to a denial of service. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360) Neil Horman discovered that the e1000 network driver did not correctly validate certain fields. A remote attacker could send a specially crafted packet that would cause a system crash, leading to a denial of service. (CVE-2009-1385) Pavan Naregundi discovered that CIFS did not correctly check lengths when handling certain mount requests. A remote attacker could send specially crafted traffic to cause a system crash, leading to a denial of service. (CVE-2009-1439) Simon Vallet and Frank Filz discovered that execute permissions were not correctly handled by NFSv4. A local user could bypass permissions and run restricted programs, possibly leading to an escalation of privileges. (CVE-2009-1630) Jeff Layton and Suresh Jayaraman discovered buffer overflows in the CIFS client code. A malicious remote server could exploit this to cause a system crash or execute arbitrary code as root. (CVE-2009-1633) Mikulas Patocka discovered that /proc/iomem was not correctly initialized on Sparc. A local attacker could use this file to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-1914) Miklos Szeredi discovered that OCFS2 did not correctly handle certain splice operations. A local attacker could exploit this to cause a system hang, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-1961)

=========================================================== Ubuntu Security Notice USN-782-1 June 25, 2009 thunderbird vulnerabilities CVE-2009-1303, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1392, CVE-2009-1833, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: thunderbird 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: thunderbird 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1 Ubuntu 9.04: thunderbird 2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1303, CVE-2009-1305, CVE-2009-1392, CVE-2009-1833, CVE-2009-1838) Several flaws were discovered in the way Thunderbird processed malformed URI schemes. If a user were tricked into viewing a malicious website and had JavaScript and plugins enabled, a remote attacker could execute arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309) Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. If JavaScript were enabled, an attacker could exploit this to perform script injection attacks using XBL bindings. (CVE-2009-1308) Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. If a user had JavaScript enabled while using Thunderbird to view websites and a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2009-1836) It was discovered that Thunderbird could be made to run scripts with elevated privileges. If a user had JavaScript enabled while having certain non-default add-ons installed and were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website. (CVE-2009-1841)

=========================================================== Ubuntu Security Notice USN-792-1 June 25, 2009 openssl vulnerabilities CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.9 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.7 Ubuntu 8.10: libssl0.9.8 0.9.8g-10.1ubuntu2.4 Ubuntu 9.04: libssl0.9.8 0.9.8g-15ubuntu3.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1377) It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1378) It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. (CVE-2009-1379) It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occured before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. (CVE-2009-1386) It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request. (CVE-2009-1387)

=========================================================== Ubuntu Security Notice USN-791-2 June 24, 2009 moodle vulnerability CVE-2009-1171 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: moodle 1.9.4.dfsg-0ubuntu1.1 After a standard system upgrade you need to access the Moodle instance and accept the database update to clear any invalid cached data. Details follow: Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)

=========================================================== Ubuntu Security Notice USN-791-3 June 24, 2009 smarty vulnerability CVE-2009-1669 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: smarty 2.6.22-1ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user.

=========================================================== Ubuntu Security Notice USN-791-1 June 24, 2009 moodle vulnerabilities CVE-2007-3215, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5153, CVE-2008-5432, CVE-2008-5619, CVE-2008-6124, CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502, CVE-2009-1171, CVE-2009-1669 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: moodle 1.8.2-1ubuntu4.2 Ubuntu 8.10: moodle 1.8.2-1.2ubuntu2.1 After a standard system upgrade you need to access the Moodle instance and accept the database update to clear any invalid cached data. Details follow: Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215) Nigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003) It was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669) It was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153) Mike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022) It was discovered that the HTML sanitizer, "Login as" feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007) It was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010) Kevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user's configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023) Daniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006) Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009) Johannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003) Hanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004) Debbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002) Lars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021) It was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806) It was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (MDL-11857)

=========================================================== Ubuntu Security Notice USN-790-1 June 24, 2009 cyrus-sasl2 vulnerability CVE-2009-0688 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsasl2 2.1.19.dfsg1-0.1ubuntu3.1 Ubuntu 8.04 LTS: libsasl2-2 2.1.22.dfsg1-18ubuntu2.1 Ubuntu 8.10: libsasl2-2 2.1.22.dfsg1-21ubuntu2.1 Ubuntu 9.04: libsasl2-2 2.1.22.dfsg1-23ubuntu3.1 After a standard system upgrade you need to restart services using SASL to effect the necessary changes. Details follow: James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service.

=========================================================== Ubuntu Security Notice USN-789-1 June 22, 2009 gst-plugins-good0.10 vulnerability CVE-2009-1932 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gstreamer0.10-plugins-good 0.10.3-0ubuntu4.2 Ubuntu 8.04 LTS: gstreamer0.10-plugins-good 0.10.7-3ubuntu0.3 Ubuntu 8.10: gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.2 Ubuntu 9.04: gstreamer0.10-plugins-good 0.10.14-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.