Planet


USN-1825-1: Linux kernel vulnerability

2013/5/16 13:18:15 | Ubuntu security notices

Ubuntu Security Notice USN-1825-1


15th May, 2013


linux vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


The system could be made to run programs as an administrator.





Software description





  • linux
    - Linux kernel







Details


A flaw was discovered in the Linux kernel's perf_events interface. A local
user could exploit this flaw to escalate privileges on the system.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




  linux-image-3.2.0-43-powerpc64-smp  3.2.0-43.68
  linux-image-3.2.0-43-powerpc-smp    3.2.0-43.68
  linux-image-3.2.0-43-generic-pae    3.2.0-43.68
  linux-image-3.2.0-43-virtual        3.2.0-43.68
  linux-image-3.2.0-43-highbank       3.2.0-43.68
  linux-image-3.2.0-43-omap           3.2.0-43.68
  linux-image-3.2.0-43-generic        3.2.0-43.68






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.





References




CVE-2013-2094


USN-1826-1: Linux kernel vulnerability

2013/5/16 13:18:15 | Ubuntu security notices

Ubuntu Security Notice USN-1826-1


15th May, 2013


linux vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.10





Summary


The system could be made to run programs as an administrator.





Software description





  • linux
    - Linux kernel







Details


A flaw was discovered in the Linux kernel's perf_events interface. A local
user could exploit this flaw to escalate privileges on the system.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.10:




  linux-image-3.5.0-30-omap           3.5.0-30.51
  linux-image-3.5.0-30-generic        3.5.0-30.51
  linux-image-3.5.0-30-highbank       3.5.0-30.51
  linux-image-3.5.0-30-powerpc-smp    3.5.0-30.51
  linux-image-3.5.0-30-powerpc64-smp  3.5.0-30.51






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.





References




CVE-2013-2094


USN-1827-1: Linux kernel vulnerability

2013/5/16 13:18:15 | Ubuntu security notices

Ubuntu Security Notice USN-1827-1


15th May, 2013


linux vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 13.04





Summary


The system could be made to run programs as an administrator.





Software description





  • linux
    - Linux kernel







Details


A flaw was discovered in the Linux kernel's perf_events interface. A local
user could exploit this flaw to escalate privileges on the system.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 13.04:




  linux-image-3.8.0-21-generic  3.8.0-21.32






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.





References




CVE-2013-2094


USN-1828-1: Linux kernel (Quantal HWE) vulnerability

2013/5/16 13:18:15 | Ubuntu security notices

Ubuntu Security Notice USN-1828-1


15th May, 2013


linux-lts-quantal vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


The system could be made to run programs as an administrator.





Software description





  • linux-lts-quantal
    - Linux hardware enablement kernel from Quantal







Details


A flaw was discovered in the Linux kernel's perf_events interface. A local
user could exploit this flaw to escalate privileges on the system.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




  linux-image-3.5.0-30-generic  3.5.0-30.51~precise1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.





References




CVE-2013-2094


USN-1821-1: telepathy-idle vulnerability

2013/5/16 6:16:21 | Ubuntu security notices

Ubuntu Security Notice USN-1821-1


9th May, 2013


telepathy-idle vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 13.04


  • Ubuntu 12.10


  • Ubuntu 12.04 LTS





Summary


telepathy-idle could be made to expose sensitive information over the
network.





Software description





  • telepathy-idle
    - IRC connection manager for Telepathy











Details


It was discovered that telepathy-idle did not perform any server
certificate validation when using SSL connections. If a remote attacker
were able to perform a man-in-the-middle attack, this flaw could be
exploited to alter or compromise confidential information.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 13.04:

  telepathy-idle  0.1.14-1ubuntu0.1

Ubuntu 12.10:

  telepathy-idle  0.1.12-1ubuntu0.1

Ubuntu 12.04 LTS:

  telepathy-idle  0.1.11-2ubuntu0.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart your session to make all
the necessary changes.





References




CVE-2007-6746


USN-1822-1: Firefox vulnerabilities

2013/5/16 6:16:21 | Ubuntu security notices

Ubuntu Security Notice USN-1822-1


14th May, 2013


firefox vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 13.04


  • Ubuntu 12.10


  • Ubuntu 12.04 LTS





Summary


Firefox could be made to crash or run programs as your login if it
opened a malicious website.





Software description





  • firefox
    - Mozilla Open Source web browser











Details


Multiple memory safety issues were discovered in Firefox. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2013-0801, CVE-2013-1669)



Cody Crews discovered that some constructors could be used to bypass
restrictions enforced by their Chrome Object Wrapper (COW). An attacker
could exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2013-1670)



It was discovered that the file input element could expose the full local
path under certain conditions. An attacker could potentially exploit this
to steal sensitive information. (CVE-2013-1671)



A use-after-free was discovered when resizing video content whilst it is
playing. An attacker could potentially exploit this to execute code with
the privileges of the user invoking Firefox. (CVE-2013-1674)



It was discovered that some DOMSVGZoomEvent functions could be used
without being properly initialized, which could lead to information
leakage. (CVE-2013-1675)



Abhishek Arya discovered multiple memory safety issues in Firefox. If
the user were tricked into opening a specially crafted page, an attacker
could possibly exploit these to cause a denial of service via application
crash, or potentially execute code with the privileges of the user
invoking Firefox. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678,
CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 13.04:

  firefox  21.0+build2-0ubuntu0.13.04.2

Ubuntu 12.10:

  firefox  21.0+build2-0ubuntu0.12.10.2

Ubuntu 12.04 LTS:

  firefox  21.0+build2-0ubuntu0.12.04.3






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart Firefox to make
all the necessary changes.





References




CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671,
CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677,
CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681,
LP: 1178277


USN-1823-1: Thunderbird vulnerabilities

2013/5/16 6:16:21 | Ubuntu security notices

Ubuntu Security Notice USN-1823-1


14th May, 2013


thunderbird vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 13.04


  • Ubuntu 12.10


  • Ubuntu 12.04 LTS





Summary


Several security issues were fixed in Thunderbird.





Software description





  • thunderbird
    - Mozilla Open Source mail and newsgroup client











Details


Multiple memory safety issues were discovered in Thunderbird. If the user
were tricked into opening a specially crafted message with scripting
enabled, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2013-0801,
CVE-2013-1669)



Cody Crews discovered that some constructors could be used to bypass
restrictions enforced by their Chrome Object Wrapper (COW). If a user had
scripting enabled, an attacker could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2013-1670)



A use-after-free was discovered when resizing video content whilst it is
playing. If a user had scripting enabled, an attacker could potentially
exploit this to execute code with the privileges of the user invoking
Thunderbird. (CVE-2013-1674)



It was discovered that some DOMSVGZoomEvent functions could be used
without being properly initialized, which could lead to information
leakage. (CVE-2013-1675)



Abhishek Arya discovered multiple memory safety issues in Thunderbird. If
the user were tricked into opening a specially crafted message, an
attacker could possibly exploit these to cause a denial of service via
application crash, or potentially execute code with the privileges of
the user invoking Thunderbird. (CVE-2013-1676, CVE-2013-1677,
CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 13.04:

  thunderbird  17.0.6+build1-0ubuntu0.13.04.1

Ubuntu 12.10:

  thunderbird  17.0.6+build1-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:

  thunderbird  17.0.6+build1-0ubuntu0.12.04.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart Thunderbird to make
all the necessary changes.





References




CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1674,
CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678,
CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, LP: 1178649


USN-1824-1: Linux kernel vulnerabilities

2013/5/16 6:16:21 | Ubuntu security notices

Ubuntu Security Notice USN-1824-1


15th May, 2013


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.04 LTS





Summary


Several security issues were fixed in the kernel.





Software description





  • linux
    - Linux kernel







Details


Mathias Krause discovered an information leak in the Linux kernel's ISO
9660 CDROM file system driver. A local user could exploit this flaw to
examine some of the kernel's heap memory. (CVE-2012-6549)



Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local
attacker with NET_ADMIN capability could potentially exploit this flaw to
escalate privileges. (CVE-2013-1826)



A buffer overflow was discovered in the Linux Kernel's USB subsystem for
devices reporting the cdc-wdm class. A specially crafted USB device when
plugged-in could cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2013-1860)



An information leak was discovered in the Linux kernel's /dev/dvb device. A
local user could exploit this flaw to obtain sensitive information from the
kernel's stack memory. (CVE-2013-1928)



An information leak in the Linux kernel's dcb netlink interface was
discovered. A local user could obtain sensitive information by examining
kernel stack memory. (CVE-2013-2634)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.04 LTS:




  linux-image-2.6.32-47-386            2.6.32-47.109
  linux-image-2.6.32-47-lpia           2.6.32-47.109
  linux-image-2.6.32-47-ia64           2.6.32-47.109
  linux-image-2.6.32-47-generic        2.6.32-47.109
  linux-image-2.6.32-47-versatile      2.6.32-47.109
  linux-image-2.6.32-47-server         2.6.32-47.109
  linux-image-2.6.32-47-powerpc64-smp  2.6.32-47.109
  linux-image-2.6.32-47-generic-pae    2.6.32-47.109
  linux-image-2.6.32-47-powerpc-smp    2.6.32-47.109
  linux-image-2.6.32-47-virtual        2.6.32-47.109
  linux-image-2.6.32-47-sparc64-smp    2.6.32-47.109
  linux-image-2.6.32-47-powerpc        2.6.32-47.109
  linux-image-2.6.32-47-preempt        2.6.32-47.109
  linux-image-2.6.32-47-sparc64        2.6.32-47.109






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.





References




CVE-2012-6549, CVE-2013-1826, CVE-2013-1860, CVE-2013-1928,
CVE-2013-2634


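Playing SimCity 3000 with Wine

2013/5/13 14:58:04 | 老森常譚
  These past couple of days I suddenly wanted to play SimCity 3000, so I dug out the disc I bought back in the day and eagerly installed it on Vista, only to find that it would install but not run. I searched online quite a bit [...]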

USN-1820-1: gpsd vulnerability

2013/5/9 8:36:42 | Ubuntu security notices

Ubuntu Security Notice USN-1820-1


8th May, 2013


gpsd vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 12.04 LTS





Summary


gpsd could be made to crash or possibly run programs if it received
specially crafted input.





Software description





  • gpsd
    - Global Positioning System - daemon







Details


It was discovered that gpsd incorrectly handled certain malformed GPS data.
An attacker could use this issue to cause gpsd to crash, resulting in a
denial of service, or possibly execute arbitrary code.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 12.04 LTS:




  gpsd  3.4-2ubuntu0.1






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


In general, a standard system update will make all the necessary changes.





References




CVE-2013-2038