Security announcements
USN-894-1: Linux kernel vulnerabilities
Submitted by KeesCook on Fri, 2010-02-05 02:23Referenced CVEs:
CVE-2009-4020, CVE-2009-4021, CVE-2009-4031, CVE-2009-4138, CVE-2009-4141, CVE-2009-4308, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0006, CVE-2010-0007, CVE-2010-0291
Description:
===========================================================
Ubuntu Security Notice USN-894-1 February 05, 2010
linux, linux-source-2.6.15 vulnerabilities
CVE-2009-4020, CVE-2009-4021, CVE-2009-4031, CVE-2009-4138,
CVE-2009-4141, CVE-2009-4308, CVE-2009-4536, CVE-2009-4538,
CVE-2010-0003, CVE-2010-0006, CVE-2010-0007, CVE-2010-0291
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.82
linux-image-2.6.15-55-686 2.6.15-55.82
linux-image-2.6.15-55-amd64-generic 2.6.15-55.82
linux-image-2.6.15-55-amd64-k8 2.6.15-55.82
linux-image-2.6.15-55-amd64-server 2.6.15-55.82
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.82
linux-image-2.6.15-55-hppa32 2.6.15-55.82
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.82
linux-image-2.6.15-55-hppa64 2.6.15-55.82
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.82
linux-image-2.6.15-55-itanium 2.6.15-55.82
linux-image-2.6.15-55-itanium-smp 2.6.15-55.82
linux-image-2.6.15-55-k7 2.6.15-55.82
linux-image-2.6.15-55-mckinley 2.6.15-55.82
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.82
linux-image-2.6.15-55-powerpc 2.6.15-55.82
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.82
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.82
linux-image-2.6.15-55-server 2.6.15-55.82
linux-image-2.6.15-55-server-bigiron 2.6.15-55.82
linux-image-2.6.15-55-sparc64 2.6.15-55.82
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.82
Ubuntu 8.04 LTS:
linux-image-2.6.24-27-386 2.6.24-27.65
linux-image-2.6.24-27-generic 2.6.24-27.65
linux-image-2.6.24-27-hppa32 2.6.24-27.65
linux-image-2.6.24-27-hppa64 2.6.24-27.65
linux-image-2.6.24-27-itanium 2.6.24-27.65
linux-image-2.6.24-27-lpia 2.6.24-27.65
linux-image-2.6.24-27-lpiacompat 2.6.24-27.65
linux-image-2.6.24-27-mckinley 2.6.24-27.65
linux-image-2.6.24-27-openvz 2.6.24-27.65
linux-image-2.6.24-27-powerpc 2.6.24-27.65
linux-image-2.6.24-27-powerpc-smp 2.6.24-27.65
linux-image-2.6.24-27-powerpc64-smp 2.6.24-27.65
linux-image-2.6.24-27-rt 2.6.24-27.65
linux-image-2.6.24-27-server 2.6.24-27.65
linux-image-2.6.24-27-sparc64 2.6.24-27.65
linux-image-2.6.24-27-sparc64-smp 2.6.24-27.65
linux-image-2.6.24-27-virtual 2.6.24-27.65
linux-image-2.6.24-27-xen 2.6.24-27.65
Ubuntu 8.10:
linux-image-2.6.27-17-generic 2.6.27-17.45
linux-image-2.6.27-17-server 2.6.27-17.45
linux-image-2.6.27-17-virtual 2.6.27-17.45
Ubuntu 9.04:
linux-image-2.6.28-18-generic 2.6.28-18.59
linux-image-2.6.28-18-imx51 2.6.28-18.59
linux-image-2.6.28-18-iop32x 2.6.28-18.59
linux-image-2.6.28-18-ixp4xx 2.6.28-18.59
linux-image-2.6.28-18-lpia 2.6.28-18.59
linux-image-2.6.28-18-server 2.6.28-18.59
linux-image-2.6.28-18-versatile 2.6.28-18.59
linux-image-2.6.28-18-virtual 2.6.28-18.59
Ubuntu 9.10:
linux-image-2.6.31-19-386 2.6.31-19.56
linux-image-2.6.31-19-generic 2.6.31-19.56
linux-image-2.6.31-19-generic-pae 2.6.31-19.56
linux-image-2.6.31-19-ia64 2.6.31-19.56
linux-image-2.6.31-19-lpia 2.6.31-19.56
linux-image-2.6.31-19-powerpc 2.6.31-19.56
linux-image-2.6.31-19-powerpc-smp 2.6.31-19.56
linux-image-2.6.31-19-powerpc64-smp 2.6.31-19.56
linux-image-2.6.31-19-server 2.6.31-19.56
linux-image-2.6.31-19-sparc64 2.6.31-19.56
linux-image-2.6.31-19-sparc64-smp 2.6.31-19.56
linux-image-2.6.31-19-virtual 2.6.31-19.56
linux-image-2.6.31-108-imx51 2.6.31-108.21
linux-image-2.6.31-211-dove 2.6.31-211.22
linux-image-2.6.31-211-dove-z0 2.6.31-211.22
linux-image-2.6.31-304-ec2 2.6.31-304.10
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06)
the kernel updates have been given a new version number, which requires
you to recompile and reinstall all third party kernel modules you
might have installed. If you use linux-restricted-modules, you have to
update that package as well to get modules which work with the new kernel
version. Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-server, linux-powerpc), a standard system
upgrade will automatically perform this as well.
Details follow:
Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4
filesystems did not correctly check certain disk structures. If a user
were tricked into mounting a specially crafted filesystem, a remote
attacker could crash the system or gain root privileges. (CVE-2009-4020,
CVE-2009-4308)
It was discovered that FUSE did not correctly check certain requests.
A local attacker with access to FUSE mounts could exploit this to
crash the system or possibly gain root privileges. Ubuntu 9.10 was not
affected. (CVE-2009-4021)
It was discovered that KVM did not correctly decode certain guest
instructions. A local attacker in a guest could exploit this to
trigger high scheduling latency in the host, leading to a denial of
service. Ubuntu 6.06 was not affected. (CVE-2009-4031)
It was discovered that the OHCI fireware driver did not correctly
handle certain ioctls. A local attacker could exploit this to crash
the system, or possibly gain root privileges. Ubuntu 6.06 was not
affected. (CVE-2009-4138)
Tavis Ormandy discovered that the kernel did not correctly handle
O_ASYNC on locked files. A local attacker could exploit this to gain
root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141)
Neil Horman and Eugene Teo discovered that the e1000 and e1000e
network drivers did not correctly check the size of Ethernet frames.
An attacker on the local network could send specially crafted traffic
to bypass packet filters, crash the system, or possibly gain root
privileges. (CVE-2009-4536, CVE-2009-4538)
It was discovered that "print-fatal-signals" reporting could show
arbitrary kernel memory contents. A local attacker could exploit
this, leading to a loss of privacy. By default this is disabled in
Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003)
Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly
handle jumbo frames. A remote attacker could exploit this to crash the
system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were
affected. (CVE-2010-0006)
Florian Westphal discovered that bridging netfilter rules could be
modified by unprivileged users. A local attacker could disrupt network
traffic, leading to a denial of service. (CVE-2010-0007)
Al Viro discovered that certain mremap operations could leak kernel
memory. A local attacker could exploit this to consume all available
memory, leading to a denial of service. (CVE-2010-0291)
USN-892-1: FUSE vulnerability
Submitted by KeesCook on Thu, 2010-01-28 20:26Referenced CVEs:
CVE-2009-3297
Description:
===========================================================
Ubuntu Security Notice USN-892-1 January 28, 2010
fuse vulnerability
CVE-2009-3297
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
fuse-utils 2.4.2-0ubuntu3.1
Ubuntu 8.04 LTS:
fuse-utils 2.7.2-1ubuntu2.1
Ubuntu 8.10:
fuse-utils 2.7.3-4ubuntu2.1
Ubuntu 9.04:
fuse-utils 2.7.4-1.1ubuntu4.0.9.04.1
Ubuntu 9.10:
fuse-utils 2.7.4-1.1ubuntu4.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Dan Rosenberg discovered that FUSE did not correctly check mount
locations. A local attacker, with access to use FUSE, could unmount
arbitrary locations, leading to a denial of service.
USN-893-1: Samba vulnerability
Submitted by MarcDeslauriers on Thu, 2010-01-28 18:45Referenced CVEs:
CVE-2009-3297
Description:
===========================================================
Ubuntu Security Notice USN-893-1 January 28, 2010
samba vulnerability
CVE-2009-3297
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
smbfs 3.0.22-1ubuntu3.10
Ubuntu 8.04 LTS:
smbfs 3.0.28a-1ubuntu4.10
Ubuntu 8.10:
smbfs 2:3.2.3-1ubuntu3.7
Ubuntu 9.04:
smbfs 2:3.3.2-1ubuntu3.3
Ubuntu 9.10:
smbfs 2:3.4.0-3ubuntu5.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, suffered from a race condition when verifying user
permissions. A local attacker could trick samba into mounting over
arbitrary locations, leading to a root privilege escalation.
USN-891-1: lintian vulnerabilities
Submitted by KeesCook on Thu, 2010-01-28 07:57Referenced CVEs:
CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
Description:
===========================================================
Ubuntu Security Notice USN-891-1 January 28, 2010
lintian vulnerabilities
CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
lintian 1.23.16ubuntu2.1
Ubuntu 8.04 LTS:
lintian 1.23.46ubuntu0.1
Ubuntu 8.10:
lintian 1.24.3ubuntu0.1
Ubuntu 9.04:
lintian 2.2.5ubuntu1.1
Ubuntu 9.10:
lintian 2.2.17ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Raphael Geissert discovered that lintian did not correctly validate
certain filenames when processing input. If a user or an automated system
were tricked into running lintian on a specially crafted set of files,
a remote attacker could execute arbitrary code with user privileges.
USN-803-2: Dhcp vulnerability
Submitted by JamesStrandboge on Wed, 2010-01-27 17:56Referenced CVEs:
CVE-2009-0692
Description:
===========================================================
Ubuntu Security Notice USN-803-2 January 27, 2010
dhcp3 vulnerability
CVE-2009-0692
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
dhcp3-client 3.1.1-1ubuntu2.2
dhcp3-client-udeb 3.1.1-1ubuntu2.2
Ubuntu 9.04:
dhcp-client 3.1.1-5ubuntu8.2
dhcp3-client 3.1.1-5ubuntu8.2
Ubuntu 9.10:
dhcp-client 3.1.2-1ubuntu7.1
dhcp3-client 3.1.2-1ubuntu7.1
After a standard system upgrade you need to restart any DHCP network
connections utilizing dhclient3 to effect the necessary changes.
Details follow:
USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to
fix the vulnerability was not properly applied on Ubuntu 8.10 and higher.
Even with the patch improperly applied, the default compiler options
reduced the vulnerability to a denial of service. Additionally, in Ubuntu
9.04 and higher, users were also protected by the AppArmor dhclient3
profile. This update fixes the problem.
Original advisory details:
It was discovered that the DHCP client as included in dhcp3 did not verify
the length of certain option fields when processing a response from an IPv4
dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a
malicious dhcp server, a remote attacker could cause a denial of service or
execute arbitrary code as the user invoking the program, typically the
'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker
should only be able to cause a denial of service in the DHCP client. In
Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3
profile.
USN-890-4: PyXML vulnerabilities
Submitted by JamesStrandboge on Tue, 2010-01-26 19:23Referenced CVEs:
CVE-2009-3560, CVE-2009-3720
Description:
===========================================================
Ubuntu Security Notice USN-890-4 January 26, 2010
python-xml vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4-xml 0.8.4-1ubuntu3.1
After a standard system upgrade you need to restart any applications that
use PyXML to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for PyXML.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)
USN-890-3: Python 2.4 vulnerabilities
Submitted by JamesStrandboge on Fri, 2010-01-22 14:43Referenced CVEs:
CVE-2009-3560, CVE-2009-3720
Description:
===========================================================
Ubuntu Security Notice USN-890-3 January 22, 2010
python2.4 vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4 2.4.3-0ubuntu6.4
python2.4-minimal 2.4.3-0ubuntu6.4
Ubuntu 8.04 LTS:
python2.4 2.4.5-1ubuntu4.3
python2.4-minimal 2.4.5-1ubuntu4.3
Ubuntu 8.10:
python2.4 2.4.5-5ubuntu1.2
python2.4-minimal 2.4.5-5ubuntu1.2
Ubuntu 9.04:
python2.4 2.4.6-1ubuntu3.2.9.04.1
python2.4-minimal 2.4.6-1ubuntu3.2.9.04.1
Ubuntu 9.10:
python2.4 2.4.6-1ubuntu3.2.9.10.1
python2.4-minimal 2.4.6-1ubuntu3.2.9.10.1
After a standard system upgrade you need to restart any Python 2.4
applications that use the PyExpat module to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for the PyExpat module in Python 2.4.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)
USN-890-2: Python 2.5 vulnerabilities
Submitted by JamesStrandboge on Thu, 2010-01-21 22:05Referenced CVEs:
CVE-2009-3560, CVE-2009-3720
Description:
===========================================================
Ubuntu Security Notice USN-890-2 January 21, 2010
python2.5 vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
python2.5 2.5.2-2ubuntu6.1
python2.5-minimal 2.5.2-2ubuntu6.1
Ubuntu 8.10:
python2.5 2.5.2-11.1ubuntu1.1
python2.5-minimal 2.5.2-11.1ubuntu1.1
Ubuntu 9.04:
python2.5 2.5.4-1ubuntu4.1
python2.5-minimal 2.5.4-1ubuntu4.1
Ubuntu 9.10:
python2.5 2.5.4-1ubuntu6.1
python2.5-minimal 2.5.4-1ubuntu6.1
After a standard system upgrade you need to restart any Python applications
that use the PyExpat module to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for the PyExpat module in Python 2.5.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)
USN-890-1: Expat vulnerabilities
Submitted by JamesStrandboge on Wed, 2010-01-20 19:06Referenced CVEs:
CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
Description:
===========================================================
Ubuntu Security Notice USN-890-1 January 20, 2010
expat vulnerabilities
CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libexpat1 1.95.8-3ubuntu0.1
libexpat1-udeb 1.95.8-3ubuntu0.1
Ubuntu 8.04 LTS:
lib64expat1 2.0.1-0ubuntu1.1
libexpat1 2.0.1-0ubuntu1.1
libexpat1-udeb 2.0.1-0ubuntu1.1
Ubuntu 8.10:
lib64expat1 2.0.1-4ubuntu0.8.10.1
libexpat1 2.0.1-4ubuntu0.8.10.1
libexpat1-udeb 2.0.1-4ubuntu0.8.10.1
Ubuntu 9.04:
lib64expat1 2.0.1-4ubuntu0.9.04.1
libexpat1 2.0.1-4ubuntu0.9.04.1
libexpat1-udeb 2.0.1-4ubuntu0.9.04.1
Ubuntu 9.10:
lib64expat1 2.0.1-4ubuntu1.1
libexpat1 2.0.1-4ubuntu1.1
libexpat1-udeb 2.0.1-4ubuntu1.1
After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.
Details follow:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)
USN-889-1: gzip vulnerabilities
Submitted by MarcDeslauriers on Wed, 2010-01-20 18:48Referenced CVEs:
CVE-2009-2624, CVE-2010-0001
Description:
===========================================================
Ubuntu Security Notice USN-889-1 January 20, 2010
gzip vulnerabilities
CVE-2009-2624, CVE-2010-0001
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
gzip 1.3.5-12ubuntu0.3
Ubuntu 8.04 LTS:
gzip 1.3.12-3.2ubuntu0.1
Ubuntu 8.10:
gzip 1.3.12-6ubuntu2.8.10.1
Ubuntu 9.04:
gzip 1.3.12-6ubuntu2.9.04.1
Ubuntu 9.10:
gzip 1.3.12-8ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that gzip incorrectly handled certain malformed
compressed files. If a user or automated system were tricked into opening a
specially crafted gzip file, an attacker could cause gzip to crash or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-2624)
Aki Helin discovered that gzip incorrectly handled certain malformed
files compressed with the Lempel–Ziv–Welch (LZW) algorithm. If a user or
automated system were tricked into opening a specially crafted gzip file,
an attacker could cause gzip to crash or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0001)


