Security announcements

USN-810-3: NSS regression

Description: 
===========================================================
Ubuntu Security Notice USN-810-3
September 02, 2009
nss regression
https://launchpad.net/bugs/409864
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libnss3-1d 3.12.3.1-0ubuntu0.8.04.2

Ubuntu 8.10:
  libnss3-1d 3.12.3.1-0ubuntu0.8.10.2

Ubuntu 9.04:
  libnss3-1d 3.12.3.1-0ubuntu0.9.04.2

After a standard system upgrade you need to restart any applications that use NSS, such as Firefox, to effect the necessary changes.

Details follow:

USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)

Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)

Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)

USN-827-1: Dnsmasq vulnerabilities

Referenced CVEs: 
CVE-2009-2957, CVE-2009-2958
Description: 
===========================================================
Ubuntu Security Notice USN-827-1
September 01, 2009
dnsmasq vulnerabilities
CVE-2009-2957, CVE-2009-2958
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  dnsmasq-base 2.41-2ubuntu2.2

Ubuntu 8.10:
  dnsmasq-base 2.45-1ubuntu1.1

Ubuntu 9.04:
  dnsmasq-base 2.47-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Iván Arce, Pablo Hernán Jorge, Alejandro Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and Pablo Annetta discovered that Dnsmasq did not properly validate its input when processing TFTP requests for files with long names. A remote attacker could cause a denial of service or execute arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by default on Ubuntu. (CVE-2009-2957)

Steve Grubb discovered that Dnsmasq could be made to dereference a NULL pointer when processing certain TFTP requests. A remote attacker could cause a denial of service by sending a crafted TFTP request. (CVE-2009-2958)

USN-826-1: Mono vulnerabilities

Referenced CVEs: 
CVE-2008-3422, CVE-2008-3906, CVE-2009-0217
Description: 
===========================================================
Ubuntu Security Notice USN-826-1
August 26, 2009
mono vulnerabilities
CVE-2008-3422, CVE-2008-3906, CVE-2009-0217
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libmono-security1.0-cil 1.2.6+dfsg-6ubuntu3.1
  libmono-security2.0-cil 1.2.6+dfsg-6ubuntu3.1
  libmono-system-web1.0-cil 1.2.6+dfsg-6ubuntu3.1
  libmono-system-web2.0-cil 1.2.6+dfsg-6ubuntu3.1

Ubuntu 8.10:
  libmono-security1.0-cil 1.9.1+dfsg-4ubuntu2.1
  libmono-security2.0-cil 1.9.1+dfsg-4ubuntu2.1
  libmono-system-web1.0-cil 1.9.1+dfsg-4ubuntu2.1
  libmono-system-web2.0-cil 1.9.1+dfsg-4ubuntu2.1

Ubuntu 9.04:
  libmono-security1.0-cil 2.0.1-4ubuntu0.1
  libmono-security2.0-cil 2.0.1-4ubuntu0.1
  libmono-system-web1.0-cil 2.0.1-4ubuntu0.1
  libmono-system-web2.0-cil 2.0.1-4ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217)

It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3422)

It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data (such as passwords), or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3906)

USN-825-1: libvorbis vulnerability

Referenced CVEs: 
CVE-2008-1420, CVE-2009-2663
Description: 
===========================================================
Ubuntu Security Notice USN-825-1
August 24, 2009
libvorbis vulnerability
CVE-2008-1420, CVE-2009-2663
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libvorbis0a 1.2.0.dfsg-2ubuntu0.2

Ubuntu 8.10:
  libvorbis0a 1.2.0.dfsg-3.1ubuntu0.8.10.1

Ubuntu 9.04:
  libvorbis0a 1.2.0.dfsg-3.1ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that use libvorbis, such as Totem and gtkpod, to effect the necessary changes.

Details follow:

It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-2663)

USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem.

Original advisory details:

It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1420)

USN-824-1: PHP vulnerability

Referenced CVEs: 
CVE-2009-2687
Description: 
===========================================================
Ubuntu Security Notice USN-824-1
August 24, 2009
php5 vulnerability
CVE-2009-2687
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  php5-cgi 5.1.2-1ubuntu3.15
  php5-cli 5.1.2-1ubuntu3.15

Ubuntu 8.04 LTS:
  php5-cgi 5.2.4-2ubuntu5.7
  php5-cli 5.2.4-2ubuntu5.7

Ubuntu 8.10:
  php5-cgi 5.2.6-2ubuntu4.3
  php5-cli 5.2.6-2ubuntu4.3

Ubuntu 9.04:
  php5-cgi 5.2.6.dfsg.1-3ubuntu4.2
  php5-cli 5.2.6.dfsg.1-3ubuntu4.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service.

USN-823-1: KDE-Graphics vulnerabilities

Referenced CVEs: 
CVE-2009-0945, CVE-2009-1709
Description: 
===========================================================
Ubuntu Security Notice USN-823-1
August 24, 2009
kdegraphics vulnerabilities
CVE-2009-0945, CVE-2009-1709
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  ksvg 4:3.5.10-0ubuntu1~hardy1.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

USN-822-1: KDE-Libs vulnerabilities

Referenced CVEs: 
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698
Description: 
===========================================================
Ubuntu Security Notice USN-822-1
August 24, 2009
kde4libs, kdelibs vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.2

Ubuntu 8.10:
  kdelibs4c2a 4:3.5.10-0ubuntu6.1
  kdelibs5 4:4.1.4-0ubuntu1~intrepid1.2

Ubuntu 9.04:
  kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.1
  kdelibs5 4:4.2.2-0ubuntu5.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-0945)

It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687)

It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1690)

It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1698)

USN-817-1: Thunderbird vulnerabilities

Description: 
===========================================================
Ubuntu Security Notice USN-817-1
August 20, 2009
thunderbird vulnerabilities
http://launchpad.net/bugs/416646
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  thunderbird 2.0.0.23+build1+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
  thunderbird 2.0.0.23+build1+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04:
  thunderbird 2.0.0.23+build1+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Thunderbird to effect the necessary changes.

Details follow:

Several flaws were discovered in the rendering engine of Thunderbird. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird.

USN-820-1: Pidgin vulnerability

Referenced CVEs: 
CVE-2009-2694
Description: 
===========================================================
Ubuntu Security Notice USN-820-1
August 20, 2009
pidgin vulnerability
CVE-2009-2694
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  pidgin 1:2.4.1-1ubuntu2.6

Ubuntu 8.10:
  pidgin 1:2.5.2-0ubuntu1.4

Ubuntu 9.04:
  pidgin 1:2.5.5-1ubuntu8.4

After a standard system upgrade you need to restart Pidgin to effect the necessary changes.

Details follow:

Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

USN-809-1: GnuTLS vulnerabilities

Referenced CVEs: 
CVE-2009-2409, CVE-2009-2730
Description: 
===========================================================
Ubuntu Security Notice USN-809-1
August 19, 2009
gnutls12, gnutls13, gnutls26 vulnerabilities
CVE-2009-2409, CVE-2009-2730, https://launchpad.net/bugs/305264
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libgnutls12 1.2.9-2ubuntu1.7

Ubuntu 8.04 LTS:
  libgnutls13 2.0.4-1ubuntu2.6

Ubuntu 8.10:
  libgnutls26 2.4.1-1ubuntu0.4

Ubuntu 9.04:
  libgnutls26 2.4.2-6ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730)

Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409)

USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accommodate sites which must still use a deprecated RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations.

Original advisory details:

Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989)