Security announcements
USN-850-3: poppler vulnerabilities
Submitted by MarcDeslauriers on Mon, 2009-11-02 21:49
Referenced CVEs:
CVE-2009-3603, CVE-2009-3604, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609
Description:
===========================================================
Ubuntu Security Notice USN-850-3 November 02, 2009
poppler vulnerabilities
CVE-2009-3603, CVE-2009-3604, CVE-2009-3607, CVE-2009-3608,
CVE-2009-3609
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
libpoppler-glib4 0.12.0-0ubuntu2.1
libpoppler5 0.12.0-0ubuntu2.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-850-1 fixed vulnerabilities in poppler. This update provides the
corresponding updates for Ubuntu 9.10.
Original advisory details:
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
USN-853-1: Firefox and Xulrunner vulnerabilities
Submitted by JamesStrandboge on Sat, 2009-10-31 03:25
Referenced CVEs:
CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3371, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3377, CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383
Description:
===========================================================
Ubuntu Security Notice USN-853-1 October 31, 2009
firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities
CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3371,
CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375,
CVE-2009-3376, CVE-2009-3377, CVE-2009-3380, CVE-2009-3381,
CVE-2009-3382, CVE-2009-3383
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
firefox-3.0 3.0.15+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.8.04.1
Ubuntu 8.10:
abrowser 3.0.15+nobinonly-0ubuntu0.8.10.1
firefox-3.0 3.0.15+nobinonly-0ubuntu0.8.10.1
xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.8.10.1
Ubuntu 9.04:
abrowser 3.0.15+nobinonly-0ubuntu0.9.04.1
firefox-3.0 3.0.15+nobinonly-0ubuntu0.9.04.1
xulrunner-1.9 1.9.0.15+nobinonly-0ubuntu0.9.04.1
Ubuntu 9.10:
firefox-3.5 3.5.4+nobinonly-0ubuntu0.9.10.1
xulrunner-1.9.1 1.9.1.4+nobinonly-0ubuntu0.9.10.1
After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the necessary
changes.
Details follow:
Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it
converted strings to floating point numbers. If a user were tricked into
viewing a malicious website, a remote attacker could cause a denial of service
or possibly execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-1563)
Jeremy Brown discovered that the Firefox Download Manager was vulnerable to
symlink attacks. A local attacker could exploit this to create or overwrite
files with the privileges of the user invoking the program. (CVE-2009-3274)
Paul Stone discovered a flaw in the Firefox form history. If a user were
tricked into viewing a malicious website, a remote attacker could access this
data to steal confidential information. (CVE-2009-3370)
Orlando Berrera discovered that Firefox did not properly free memory when using
web-workers. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. This issue only
affected Ubuntu 9.10. (CVE-2009-3371)
A flaw was discovered in the way Firefox processed Proxy Auto-configuration
(PAC) files. If a user configured the browser to use PAC files with certain
regular expressions, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3372)
A heap-based buffer overflow was discovered in Mozilla's GIF image parser. If a
user were tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-3373)
A flaw was discovered in the JavaScript engine of Firefox. An attacker could
exploit this to execute scripts from page content with chrome privileges.
(CVE-2009-3374)
Gregory Fleischer discovered that the same-origin check in Firefox could be
bypassed by utilizing the document.getSelection function. An attacker could
exploit this to read data from other domains. (CVE-2009-3375)
Jesse Ruderman and Sid Stamm discovered that Firefox did not properly display
filenames containing right-to-left (RTL) override characters. If a user were
tricked into downloading a malicious file with a crafted filename, an attacker
could exploit this to trick the user into opening a different file than the
user expected. (CVE-2009-3376)
Several flaws were discovered in third party media libraries. If a user were
tricked into opening a crafted media file, a remote attacker could cause a
denial of service or possibly execute arbitrary code with the privileges of the
user invoking the program. This issue only affected Ubuntu 9.10.
(CVE-2009-3377)
Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David
Keeler, Boris Zbarsky, Thomas Frederiksen, Marcia Knous, Carsten Book, Kevin
Brosnan, David Anderson and Jeff Walden discovered various flaws in the browser
and JavaScript engines of Firefox. If a user were tricked into viewing a
malicious website, a remote attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-3380, CVE-2009-3381, CVE-2009-3382, CVE-2009-3383)
USN-850-2: poppler regression
Submitted by MarcDeslauriers on Thu, 2009-10-22 19:40
Description:
===========================================================
Ubuntu Security Notice USN-850-2 October 22, 2009
poppler regression
https://launchpad.net/bugs/457985
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpoppler1 0.5.1-0ubuntu7.7
libpoppler1-glib 0.5.1-0ubuntu7.7
Ubuntu 8.04 LTS:
libpoppler-glib2 0.6.4-1ubuntu3.4
libpoppler2 0.6.4-1ubuntu3.4
Ubuntu 8.10:
libpoppler-glib3 0.8.7-1ubuntu0.5
libpoppler3 0.8.7-1ubuntu0.5
Ubuntu 9.04:
libpoppler-glib4 0.10.5-1ubuntu2.5
libpoppler4 0.10.5-1ubuntu2.5
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-850-1 fixed vulnerabilities in poppler. The security fix for
CVE-2009-3605 introduced a regression that would cause certain
applications, such as Okular, to segfault when opening certain PDF files.
This update fixes the problem. We apologize for the inconvenience.
Original advisory details:
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
USN-852-1: Linux kernel vulnerabilities
Submitted by KeesCook on Thu, 2009-10-22 03:15
Referenced CVEs:
CVE-2009-1883, CVE-2009-2584, CVE-2009-2695, CVE-2009-2698, CVE-2009-2767, CVE-2009-2846, CVE-2009-2847, CVE-2009-2848, CVE-2009-2849, CVE-2009-2903, CVE-2009-2908, CVE-2009-3001, CVE-2009-3002, CVE-2009-3238, CVE-2009-3286, CVE-2009-3288, CVE-2009-3290
Description:
===========================================================
Ubuntu Security Notice USN-852-1 October 22, 2009
linux, linux-source-2.6.15 vulnerabilities
CVE-2009-1883, CVE-2009-2584, CVE-2009-2695, CVE-2009-2698,
CVE-2009-2767, CVE-2009-2846, CVE-2009-2847, CVE-2009-2848,
CVE-2009-2849, CVE-2009-2903, CVE-2009-2908, CVE-2009-3001,
CVE-2009-3002, CVE-2009-3238, CVE-2009-3286, CVE-2009-3288,
CVE-2009-3290
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.80
linux-image-2.6.15-55-686 2.6.15-55.80
linux-image-2.6.15-55-amd64-generic 2.6.15-55.80
linux-image-2.6.15-55-amd64-k8 2.6.15-55.80
linux-image-2.6.15-55-amd64-server 2.6.15-55.80
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.80
linux-image-2.6.15-55-hppa32 2.6.15-55.80
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.80
linux-image-2.6.15-55-hppa64 2.6.15-55.80
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.80
linux-image-2.6.15-55-itanium 2.6.15-55.80
linux-image-2.6.15-55-itanium-smp 2.6.15-55.80
linux-image-2.6.15-55-k7 2.6.15-55.80
linux-image-2.6.15-55-mckinley 2.6.15-55.80
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.80
linux-image-2.6.15-55-powerpc 2.6.15-55.80
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.80
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.80
linux-image-2.6.15-55-server 2.6.15-55.80
linux-image-2.6.15-55-server-bigiron 2.6.15-55.80
linux-image-2.6.15-55-sparc64 2.6.15-55.80
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.80
Ubuntu 8.04 LTS:
linux-image-2.6.24-25-386 2.6.24-25.63
linux-image-2.6.24-25-generic 2.6.24-25.63
linux-image-2.6.24-25-hppa32 2.6.24-25.63
linux-image-2.6.24-25-hppa64 2.6.24-25.63
linux-image-2.6.24-25-itanium 2.6.24-25.63
linux-image-2.6.24-25-lpia 2.6.24-25.63
linux-image-2.6.24-25-lpiacompat 2.6.24-25.63
linux-image-2.6.24-25-mckinley 2.6.24-25.63
linux-image-2.6.24-25-openvz 2.6.24-25.63
linux-image-2.6.24-25-powerpc 2.6.24-25.63
linux-image-2.6.24-25-powerpc-smp 2.6.24-25.63
linux-image-2.6.24-25-powerpc64-smp 2.6.24-25.63
linux-image-2.6.24-25-rt 2.6.24-25.63
linux-image-2.6.24-25-server 2.6.24-25.63
linux-image-2.6.24-25-sparc64 2.6.24-25.63
linux-image-2.6.24-25-sparc64-smp 2.6.24-25.63
linux-image-2.6.24-25-virtual 2.6.24-25.63
linux-image-2.6.24-25-xen 2.6.24-25.63
Ubuntu 8.10:
linux-image-2.6.27-15-generic 2.6.27-15.43
linux-image-2.6.27-15-server 2.6.27-15.43
linux-image-2.6.27-15-virtual 2.6.27-15.43
Ubuntu 9.04:
linux-image-2.6.28-16-generic 2.6.28-16.55
linux-image-2.6.28-16-imx51 2.6.28-16.55
linux-image-2.6.28-16-iop32x 2.6.28-16.55
linux-image-2.6.28-16-ixp4xx 2.6.28-16.55
linux-image-2.6.28-16-lpia 2.6.28-16.55
linux-image-2.6.28-16-server 2.6.28-16.55
linux-image-2.6.28-16-versatile 2.6.28-16.55
linux-image-2.6.28-16-virtual 2.6.28-16.55
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
Solar Designer discovered that the z90crypt driver did not correctly
check capabilities. A local attacker could exploit this to shut down
the device, leading to a denial of service. Only affected Ubuntu 6.06.
(CVE-2009-1883)
Michael Buesch discovered that the SGI GRU driver did not correctly check
the length when setting options. A local attacker could exploit this
to write to the kernel stack, leading to root privilege escalation or
a denial of service. Only affected Ubuntu 8.10 and 9.04. (CVE-2009-2584)
It was discovered that SELinux did not fully implement the mmap_min_addr
restrictions. A local attacker could exploit this to allocate the
NULL memory page which could lead to further attacks against kernel
NULL-dereference vulnerabilities. Ubuntu 6.06 was not affected.
(CVE-2009-2695)
Cagri Coltekin discovered that the UDP stack did not correctly handle
certain flags. A local user could send specially crafted commands and
traffic to gain root privileges or crash the system, leading to a denial
of service. Only affected Ubuntu 6.06. (CVE-2009-2698)
Hiroshi Shimamoto discovered that monotonic timers did not correctly
validate parameters. A local user could make a specially crafted timer
request to gain root privileges or crash the system, leading to a denial
of service. Only affected Ubuntu 9.04. (CVE-2009-2767)
Michael Buesch discovered that the HPPA ISA EEPROM driver did not
correctly validate positions. A local user could make a specially crafted
request to gain root privileges or crash the system, leading to a denial
of service. (CVE-2009-2846)
Ulrich Drepper discovered that kernel signal stacks were not being
correctly padded on 64-bit systems. A local attacker could send specially
crafted calls to expose 4 bytes of kernel stack memory, leading to a
loss of privacy. (CVE-2009-2847)
Jens Rosenboom discovered that the clone method did not correctly clear
certain fields. A local attacker could exploit this to gain privileges
or crash the system, leading to a denial of service. (CVE-2009-2848)
It was discovered that the MD driver did not check certain sysfs files.
A local attacker with write access to /sys could exploit this to cause
a system crash, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-2849)
Mark Smith discovered that the AppleTalk stack did not correctly
manage memory. A remote attacker could send specially crafted traffic
to cause the system to consume all available memory, leading to a denial
of service. (CVE-2009-2903)
Loïc Minier discovered that eCryptfs did not correctly handle writing
to certain deleted files. A local attacker could exploit this to gain
root privileges or crash the system, leading to a denial of service.
Ubuntu 6.06 was not affected. (CVE-2009-2908)
It was discovered that the LLC, AppleTalk, IR, EConet, Netrom, and
ROSE network stacks did not correctly initialize their data structures.
A local attacker could make specially crafted calls to read kernel memory,
leading to a loss of privacy. (CVE-2009-3001, CVE-2009-3002)
It was discovered that the randomization used for Address Space Layout
Randomization was predictable within a small window of time. A local
attacker could exploit this to leverage further attacks that require
knowledge of userspace memory layouts. (CVE-2009-3238)
Eric Paris discovered that NFSv4 did not correctly handle file creation
failures. An attacker with write access to an NFSv4 share could exploit
this to create files with arbitrary mode bits, leading to privilege
escalation or a loss of privacy. (CVE-2009-3286)
Bob Tracy discovered that the SCSI generic driver did not correctly use
the right index for array access. A local attacker with write access
to a CDR could exploit this to crash the system, leading to a denial
of service. Only Ubuntu 9.04 was affected. (CVE-2009-3288)
Jan Kiszka discovered that KVM did not correctly validate certain
hypercalls. A local unprivileged attacker in a virtual guest could exploit
this to crash the guest kernel, leading to a denial of service. Ubuntu
6.06 was not affected. (CVE-2009-3290)
USN-851-1: Elinks vulnerabilities
Submitted by JamesStrandboge on Wed, 2009-10-21 19:39
Referenced CVEs:
CVE-2006-5925, CVE-2008-7224
Description:
===========================================================
Ubuntu Security Notice USN-851-1 October 21, 2009
elinks vulnerabilities
CVE-2006-5925, CVE-2008-7224
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
elinks 0.10.6-1ubuntu3.4
elinks-lite 0.10.6-1ubuntu3.4
After a standard system upgrade you need to restart Elinks to effect
the necessary changes.
Details follow:
Teemu Salmela discovered that Elinks did not properly validate input when
processing smb:// URLs. If a user were tricked into viewing a malicious
website and had smbclient installed, a remote attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2006-5925)
Jakub Wilk discovered a logic error in Elinks, leading to a buffer
overflow. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-7224)
USN-850-1: poppler vulnerabilities
Submitted by MarcDeslauriers on Wed, 2009-10-21 15:31
Referenced CVEs:
CVE-2009-0755, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609
Description:
===========================================================
Ubuntu Security Notice USN-850-1 October 21, 2009
poppler vulnerabilities
CVE-2009-0755, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605,
CVE-2009-3607, CVE-2009-3608, CVE-2009-3609
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpoppler1 0.5.1-0ubuntu7.6
libpoppler1-glib 0.5.1-0ubuntu7.6
Ubuntu 8.04 LTS:
libpoppler-glib2 0.6.4-1ubuntu3.3
libpoppler2 0.6.4-1ubuntu3.3
Ubuntu 8.10:
libpoppler-glib3 0.8.7-1ubuntu0.4
libpoppler3 0.8.7-1ubuntu0.4
Ubuntu 9.04:
libpoppler-glib4 0.10.5-1ubuntu2.4
libpoppler4 0.10.5-1ubuntu2.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program.
USN-849-1: libsndfile vulnerabilities
Submitted by JamesStrandboge on Thu, 2009-10-15 22:31
Referenced CVEs:
CVE-2009-1788, CVE-2009-1791
Description:
===========================================================
Ubuntu Security Notice USN-849-1 October 15, 2009
libsndfile vulnerabilities
CVE-2009-1788, CVE-2009-1791
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libsndfile1 1.0.17-4ubuntu0.8.04.2
Ubuntu 8.10:
libsndfile1 1.0.17-4ubuntu0.8.10.2
Ubuntu 9.04:
libsndfile1 1.0.17-4ubuntu1.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a
user or automated system processed a crafted VOC file, an attacker could
cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1788)
Erik de Castro Lopo discovered a similar heap-based buffer overflow when
processing AIFF files. If a user or automated system processed a crafted
AIFF file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1791)
USN-848-1: Zope vulnerabilities
Submitted by MarcDeslauriers on Wed, 2009-10-14 16:34
Referenced CVEs:
CVE-2009-0668, CVE-2009-0669
Description:
===========================================================
Ubuntu Security Notice USN-848-1 October 14, 2009
zope3 vulnerabilities
CVE-2009-0668, CVE-2009-0669
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
zope3 3.2.1-1ubuntu1.2
Ubuntu 8.04 LTS:
zope3 3.3.1-5ubuntu2.2
Ubuntu 8.10:
zope3 3.3.1-7ubuntu0.2
Ubuntu 9.04:
zope3 3.4.0-0ubuntu3.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the Zope Object Database (ZODB) database server
(ZEO) improperly filtered certain commands when a database is shared among
multiple applications or application instances. A remote attacker could
send malicious commands to the server and execute arbitrary code.
(CVE-2009-0668)
It was discovered that the Zope Object Database (ZODB) database server
(ZEO) did not handle authentication properly when a database is shared
among multiple applications or application instances. A remote attacker
could use this flaw to bypass security restrictions. (CVE-2009-0669)
It was discovered that Zope did not limit the number of new object ids a
client could request. A remote attacker could use this flaw to consume a
huge amount of resources, leading to a denial of service. (No CVE
identifier)
USN-847-2: devscripts vulnerability
Submitted by JamesStrandboge on Fri, 2009-10-09 14:32
Referenced CVEs:
CVE-2009-2946
Description:
===========================================================
Ubuntu Security Notice USN-847-2 October 09, 2009
devscripts vulnerability
CVE-2009-2946
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
devscripts 2.9.10-0ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-847-1 fixed vulnerabilities in devscripts. This update provides the
corresponding updates for Ubuntu 6.06 LTS.
Original advisory details:
Raphael Geissert discovered that uscan, a part of devscripts, did not
properly sanitize its input when processing pathnames. If uscan processed a
crafted filename for a file on a remote server, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
USN-847-1: Devscripts vulnerability
Submitted by JamesStrandboge on Thu, 2009-10-08 21:47
Referenced CVEs:
CVE-2009-2946
Description:
===========================================================
Ubuntu Security Notice USN-847-1 October 08, 2009
devscripts vulnerability
CVE-2009-2946
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
devscripts 2.10.11ubuntu5.8.04.4
Ubuntu 8.10:
devscripts 2.10.26ubuntu15.2
Ubuntu 9.04:
devscripts 2.10.39ubuntu7.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Raphael Geissert discovered that uscan, a part of devscripts, did not
properly sanitize its input when processing pathnames. If uscan processed a
crafted filename for a file on a remote server, an attacker could execute
arbitrary code with the privileges of the user invoking the program.


