Ubuntu Security Notice USN-1351-1

31st January, 2012

accountsservice vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 11.10

Summary

AccountsService could be made to overwrite files as the administrator.

Software description

• accountsservice
  - query and manipulate user account information
  
  

Details

Hayawardh Vijayakumar discovered that AccountsService incorrectly handled
privileges when modifying the language settings on Ubuntu. A local attacker
could exploit this issue to modify arbitrary files, and possibly create a
denial of service or obtain increased privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 11.10:

accountsservice

0.6.14-1git1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4406

Ubuntu Security Notice USN-1352-1

31st January, 2012

software-properties vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 11.10



• Ubuntu 11.04



• Ubuntu 10.10



• Ubuntu 10.04 LTS

Summary

Software Properties could be tricked into installing arbitrary PPA GPG
keys.

Software description

• software-properties
  - manage the repositories that you install software from
  
  

Details

David Black discovered that Software Properties incorrectly validated
server certificates when performing secure connections to download PPA GPG
key fingerprints. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 11.10:

python-software-properties

0.81.13.3

Ubuntu 11.04:

python-software-properties

0.80.9.1

Ubuntu 10.10:

python-software-properties

0.76.7.1

Ubuntu 10.04 LTS:

python-software-properties

0.75.10.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4407

1. 使用更新管理員更換 mirror

1.1. 開啟「更新管理員」。

1.2. 點選「設定」按鈕。

1.3. 點選「下載自：」 一欄，並點選「其他...」。

1.4. 找到國網中心的 mirror 後點選「選擇伺服器」。

2. 使用 sed 取代 mirror

jonny@oneiric:~$ cat /etc/apt/sources.list | grep main | awk '{ print $2}' | cut -d'/' -f3 | sed -n '3P' [Enter]

tw.archive.ubuntu.com

jonny@oneiric:~$ sudo sed -i 's/tw.archive.ubuntu.com/free.nchc.org.tw/g' /etc/apt/sources.list [Enter]

Ubuntu Security Notice USN-1342-1

25th January, 2012

linux-lts-backport-oneiric vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 10.04 LTS

Summary

The system could be made to run programs as an administrator.

Software description

• linux-lts-backport-oneiric
  - Linux kernel backport from Oneiric
  
  

Details

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:

linux-image-3.0.0-15-server

3.0.0-15.26~lucid1

linux-image-3.0.0-15-generic

3.0.0-15.26~lucid1

linux-image-3.0.0-15-virtual

3.0.0-15.26~lucid1

linux-image-3.0.0-15-generic-pae

3.0.0-15.26~lucid1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0056

Ubuntu Security Notice USN-1348-1

26th January, 2012

icu vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 11.10



• Ubuntu 11.04



• Ubuntu 10.10



• Ubuntu 10.04 LTS

Summary

ICU could be made to crash or run programs as your login if it
opened specially crafted data.

Software description

• icu
  - International Components for Unicode library
  
  

Details

It was discovered that ICU did not properly handle invalid locale data
during Unicode conversion. If an application using ICU processed crafted
data, an attacker could cause it to crash or potentially execute arbitrary
code with the privileges of the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 11.10:

libicu44

4.4.2-2ubuntu0.11.10.1

Ubuntu 11.04:

libicu44

4.4.2-2ubuntu0.11.04.1

Ubuntu 10.10:

libicu42

4.2.1-3ubuntu0.10.10.1

Ubuntu 10.04 LTS:

libicu42

4.2.1-3ubuntu0.10.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4599

Ubuntu Security Notice USN-1349-1

26th January, 2012

xorg vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 11.10



• Ubuntu 11.04



• Ubuntu 10.10



• Ubuntu 10.04 LTS

Summary

X could be made to start by a user who lacked appropriate permissions.

Software description

• xorg
  - X.Org X Window System
  
  

Details

It was discovered that the X wrapper incorrectly checked certain console
permissions when launched by unprivileged users. An attacker connected
remotely could use this flaw to start X, bypassing the console permissions
check.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 11.10:

xserver-xorg

1:7.6+7ubuntu7.1

Ubuntu 11.04:

xserver-xorg

1:7.6+4ubuntu3.2

Ubuntu 10.10:

xserver-xorg

1:7.5+6ubuntu3.1

Ubuntu 10.04 LTS:

xserver-xorg

1:7.5+5ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4613

Ubuntu Security Notice USN-1263-2

24th January, 2012

openjdk-6, openjdk-6b18 regression

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 11.10



• Ubuntu 11.04



• Ubuntu 10.10



• Ubuntu 10.04 LTS

Summary

USN-1263-1 caused a regression when using OpenJDK 6's SSL/TLS
implementation.

Software description

• openjdk-6
  - Open Source Java implementation
  
  











• openjdk-6b18
  - Open Source Java implementation
  
  

Details

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for
the chosen plaintext attack on the block-wise AES encryption algorithm
(CVE-2011-3389) introduced a regression that caused TLS/SSL connections
to fail when using certain algorithms. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)
implementation in the IcedTea web browser plugin. This could allow a
remote attacker to open connections to certain hosts that should
not be permitted. (CVE-2011-3377)

Juliano Rizzo and Thai Duong discovered that the block-wise AES
encryption algorithm block-wise as used in TLS/SSL was vulnerable to
a chosen-plaintext attack. This could allow a remote attacker to view
confidential data. (CVE-2011-3389)

It was discovered that a type confusion flaw existed in the in
the Internet Inter-Orb Protocol (IIOP) deserialization code. A
remote attacker could use this to cause an untrusted application
or applet to execute arbitrary code by deserializing malicious
input. (CVE-2011-3521)

It was discovered that the Java scripting engine did not perform
SecurityManager checks. This could allow a remote attacker to cause
an untrusted application or applet to execute arbitrary code with
the full privileges of the JVM. (CVE-2011-3544)

It was discovered that the InputStream class used a global buffer to
store input bytes skipped. An attacker could possibly use this to gain
access to sensitive information. (CVE-2011-3547)

It was discovered that a vulnerability existed in the AWTKeyStroke
class. A remote attacker could cause an untrusted application or applet
to execute arbitrary code. (CVE-2011-3548)

It was discovered that an integer overflow vulnerability existed
in the TransformHelper class in the Java2D implementation. A remote
attacker could use this cause a denial of service via an application
or applet crash or possibly execute arbitrary code. (CVE-2011-3551)

It was discovered that the default number of available UDP sockets for
applications running under SecurityManager restrictions was set too
high. A remote attacker could use this with a malicious application or
applet exhaust the number of available UDP sockets to cause a denial
of service for other applets or applications running within the same
JVM. (CVE-2011-3552)

It was discovered that Java API for XML Web Services (JAX-WS) could
incorrectly expose a stack trace. A remote attacker could potentially
use this to gain access to sensitive information. (CVE-2011-3553)

It was discovered that the unpacker for pack200 JAR files did not
sufficiently check for errors. An attacker could cause a denial of
service or possibly execute arbitrary code through a specially crafted
pack200 JAR file. (CVE-2011-3554)

It was discovered that the RMI registration implementation did not
properly restrict privileges of remotely executed code. A remote
attacker could use this to execute code with elevated privileges.
(CVE-2011-3556, CVE-2011-3557)

It was discovered that the HotSpot VM could be made to crash, allowing
an attacker to cause a denial of service or possibly leak sensitive
information. (CVE-2011-3558)

It was discovered that the HttpsURLConnection class did not
properly perform SecurityManager checks in certain situations. This
could allow a remote attacker to bypass restrictions on HTTPS
connections. (CVE-2011-3560)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 11.10:

icedtea-6-jre-cacao

6b23~pre11-0ubuntu1.11.10.1

icedtea-6-jre-jamvm

6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre

6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre-headless

6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre-zero

6b23~pre11-0ubuntu1.11.10.1

openjdk-6-jre-lib

6b23~pre11-0ubuntu1.11.10.1

Ubuntu 11.04:

icedtea-6-jre-cacao

6b22-1.10.4-0ubuntu1~11.04.2

icedtea-6-jre-jamvm

6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre

6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre-headless

6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre-zero

6b22-1.10.4-0ubuntu1~11.04.2

openjdk-6-jre-lib

6b22-1.10.4-0ubuntu1~11.04.2

Ubuntu 10.10:

openjdk-6-jre-headless

6b20-1.9.10-0ubuntu1~10.10.3

openjdk-6-jre-lib

6b20-1.9.10-0ubuntu1~10.10.3

icedtea-6-jre-cacao

6b20-1.9.10-0ubuntu1~10.10.3

openjdk-6-jre-zero

6b20-1.9.10-0ubuntu1~10.10.3

openjdk-6-jre

6b20-1.9.10-0ubuntu1~10.10.3

Ubuntu 10.04 LTS:

openjdk-6-jre-headless

6b20-1.9.10-0ubuntu1~10.04.3

openjdk-6-jre-lib

6b20-1.9.10-0ubuntu1~10.04.3

icedtea-6-jre-cacao

6b20-1.9.10-0ubuntu1~10.04.3

openjdk-6-jre-zero

6b20-1.9.10-0ubuntu1~10.04.3

openjdk-6-jre

6b20-1.9.10-0ubuntu1~10.04.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java applications
or applets to make all the necessary changes.

References

LP: 891761

Ubuntu Security Notice USN-1336-1

23rd January, 2012

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 11.10

Summary

The system could be made to run programs as an administrator.

Software description

• linux
  - Linux kernel
  
  

Details

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 11.10:

linux-image-3.0.0-15-omap

3.0.0-15.26

linux-image-3.0.0-15-generic

3.0.0-15.26

linux-image-3.0.0-15-powerpc-smp

3.0.0-15.26

linux-image-3.0.0-15-server

3.0.0-15.26

linux-image-3.0.0-15-generic-pae

3.0.0-15.26

linux-image-3.0.0-15-powerpc64-smp

3.0.0-15.26

linux-image-3.0.0-15-powerpc

3.0.0-15.26

linux-image-3.0.0-15-virtual

3.0.0-15.26

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0056

Ubuntu Security Notice USN-1337-1

23rd January, 2012

linux-lts-backport-natty vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-natty
  - Linux kernel backport from Natty
  
  

Details

Peter Huewe discovered an information leak in the handling of reading
security-related TPM data. A local, unprivileged user could read the
results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:

linux-image-2.6.38-13-virtual

2.6.38-13.54~lucid1

linux-image-2.6.38-13-server

2.6.38-13.54~lucid1

linux-image-2.6.38-13-generic-pae

2.6.38-13.54~lucid1

linux-image-2.6.38-13-generic

2.6.38-13.54~lucid1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-1162,

CVE-2011-2203,

CVE-2011-4110

Ubuntu Security Notice USN-1338-1

23rd January, 2012

rsyslog vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

• Ubuntu 11.04

Summary

Rsyslog could be made to crash if it processed a specially crafted log
message.

Software description

• rsyslog
  - Enhanced syslogd
  
  

Details

Peter Eisentraut discovered that Rsyslog would not properly perform input
validation when configured to use imfile. If an attacker were able to
craft messages in a file that Rsyslog monitored, an attacker could cause a
denial of service. The imfile module is disabled by default in Ubuntu.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 11.04:

rsyslog

4.6.4-2ubuntu4.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4623