Planet
USN-1355-3: ubufox and webfav update
Ubuntu Security Notice USN-1355-3
3rd February, 2012
ubufox and webfav update
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
This update provides compatible ubufox and webfav packages for the latest
Firefox.
Software description
- ubufox: Ubuntu Firefox specific configuration defaults and apt support
- webfav: Firefox extension for saving web favorites (bookmarks)
Details
USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated
ubufox and webfav packages for use with the latest Firefox.
Original advisory details:
It was discovered that if a user chose to export their Firefox Sync key,
the "Firefox Recovery Key.html" file was saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)
Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)
It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)
Tim Abraldes discovered that when encoding certain image types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)
It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)
It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)
Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)
Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.10:
  - xul-ext-webfav 1.17-0ubuntu4.1
  - xul-ext-ubufox 0.9.3-0ubuntu0.10.10.3
- Ubuntu 10.04 LTS:
  - xul-ext-webfav 1.17-0ubuntu3.1
  - xul-ext-ubufox 0.9.3-0ubuntu0.10.04.3
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.
USN-1355-2: Mozvoikko update
Ubuntu Security Notice USN-1355-2
3rd February, 2012
mozvoikko update
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
This update provides compatible Mozvoikko packages for the latest Firefox.
Software description
- mozvoikko: Finnish spell-checker extension for Firefox
Details
USN-1355-1 fixed vulnerabilities in Firefox. This update provides an
updated Mozvoikko package for use with the latest Firefox.
Original advisory details:
It was discovered that if a user chose to export their Firefox Sync key,
the "Firefox Recovery Key.html" file was saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)
Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)
It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)
Tim Abraldes discovered that when encoding certain image types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)
It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)
It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)
Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)
Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 11.10:
  - xul-ext-mozvoikko 2.0.1-0ubuntu0.11.10.1
- Ubuntu 11.04:
  - xul-ext-mozvoikko 2.0.1-0ubuntu0.11.04.1
- Ubuntu 10.10:
  - xul-ext-mozvoikko 2.0.1-0ubuntu0.10.10.1
- Ubuntu 10.04 LTS:
  - xul-ext-mozvoikko 2.0.1-0ubuntu0.10.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.
USN-1355-1: Firefox vulnerabilities
Ubuntu Security Notice USN-1355-1
3rd February, 2012
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
Several security issues were fixed in Firefox.
Software description
- firefox: Mozilla Open Source web browser
Details
It was discovered that if a user chose to export their Firefox Sync key,
the "Firefox Recovery Key.html" file was saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)
Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)
It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)
Tim Abraldes discovered that when encoding certain image types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)
It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)
It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)
Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)
Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 11.10:
  - firefox 10.0+build1-0ubuntu0.11.10.1
- Ubuntu 11.04:
  - firefox 10.0+build1-0ubuntu0.11.04.1
- Ubuntu 10.10:
  - firefox 10.0+build1-0ubuntu0.10.10.1
- Ubuntu 10.04 LTS:
  - firefox 10.0+build1-0ubuntu0.10.04.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.
References
CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450, LP: 923319
USN-1354-1: usbmuxd vulnerability
Ubuntu Security Notice USN-1354-1
1st February, 2012
usbmuxd vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary
usbmuxd could be made to crash or run programs if it received specially
crafted input.
Software description
- usbmuxd: USB multiplexor daemon for iPhone and iPod Touch devices
Details
It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 11.10:
  - libusbmuxd1 1.0.7-1ubuntu0.11.10.1
- Ubuntu 11.04:
  - libusbmuxd1 1.0.7-1ubuntu0.11.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-1352-1: Software Properties vulnerability
Ubuntu Security Notice USN-1352-1
31st January, 2012
software-properties vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
Software Properties could be tricked into installing arbitrary PPA GPG
keys.
Software description
- software-properties: manage the repositories that you install software from
Details
David Black discovered that Software Properties incorrectly validated
server certificates when performing secure connections to download PPA GPG
key fingerprints. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 11.10:
  - python-software-properties 0.81.13.3
- Ubuntu 11.04:
  - python-software-properties 0.80.9.1
- Ubuntu 10.10:
  - python-software-properties 0.76.7.1
- Ubuntu 10.04 LTS:
  - python-software-properties 0.75.10.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-1351-1: AccountsService vulnerability
Ubuntu Security Notice USN-1351-1
31st January, 2012
accountsservice vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 11.10
Summary
AccountsService could be made to overwrite files as the administrator.
Software description
- accountsservice: query and manipulate user account information
Details
Hayawardh Vijayakumar discovered that AccountsService incorrectly handled
privileges when modifying the language settings on Ubuntu. A local attacker
could exploit this issue to modify arbitrary files, and possibly create a
denial of service or obtain increased privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 11.10:
  - accountsservice 0.6.14-1git1ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
Please switch to the NCHC mirror instead
You can see from the list below that several domain names point to the same IP. 凍仁 cannot be certain that they point to the same server, but one thing is certain: the machine cannot keep up!

| OS | Mirror | IP |
| --- | --- | --- |
| Debian | opensource.nchc.org.tw | 211.73.64.9 |
| Ubuntu | free.nchc.org.tw | 211.73.64.9 |
| Ubuntu | ftp.twaren.net | 140.110.123.9 2001:e10:5c00:5::9 |

| OS | Mirror | IP |
| --- | --- | --- |
| Debian | ftp.tw.debian.org | 140.138.145.242 |
| Ubuntu | tw.archive.ubuntu.com | 140.138.145.242 |
| Ubuntu | shadow.ind.ntou.edu.tw | 140.121.80.201 |

1. Change the mirror with Update Manager
1.1. Open "Update Manager".
1.2. Click the "Settings" button.
1.3. Click the "Download from:" field and choose "Other...".
1.4. Find the NCHC mirror and click "Choose Server".
2. Replace the mirror with sed
2.1. Before replacing, first find out which mirror is currently in use.

```
jonny@oneiric:~$ cat /etc/apt/sources.list | grep main | awk '{ print $2}' | cut -d'/' -f3 | sed -n '3P' [Enter]
tw.archive.ubuntu.com
```

2.2. Replace tw.archive.ubuntu.com with free.nchc.org.tw.

```
jonny@oneiric:~$ sudo sed -i 's/tw.archive.ubuntu.com/free.nchc.org.tw/g' /etc/apt/sources.list [Enter]
```

After using either of the methods above, you still have to refresh the package sources again,
# Note 1: The full name of 國網中心 is the National Center for High-performance Computing (NCHC) of the National Applied Research Laboratories.
# Note 2: 「切忌」 means "must never", whereas 「切記」 means "be sure to remember".
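As an added example (not code from the original post), the following POSIX shell script does the sed step from 2.2 more defensively: it writes a backup first, validates both host names, escapes the dots that the one-liner leaves as regex wildcards, and replaces only the host part of repository URLs. The function names `current_mirror`, `valid_host` and `switch_mirror` are this example's own, the file path is a parameter so the script can be tried on a copy before it is run on /etc/apt/sources.list, and the sample sources.list lines mentioned in the comments are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: a more careful version of
# step 2.2.  Takes FILE OLD_HOST NEW_HOST, so it can be tried on a copy of
# /etc/apt/sources.list before touching the real one.

# Print the mirror host of the first active line that carries "main"
# (the same check as the cat|grep|awk|cut pipeline in step 2.1).
current_mirror() {
    grep -v '^[[:space:]]*#' "$1" | grep main | awk '{print $2}' \
        | cut -d'/' -f3 | head -n 1
}

# Accept only characters that can occur in a host name; this also keeps
# sed metacharacters such as '&', '#' or '/' out of the replacement text.
valid_host() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# switch_mirror FILE OLD_HOST NEW_HOST
#  - writes FILE.bak.<timestamp> before changing anything
#  - escapes dots, so "tw.archive.ubuntu.com" does not also match
#    "twXarchiveXubuntuXcom" (the one-liner's unescaped pattern would)
#  - replaces only the host part of a URL: anchored on "://" to the left
#    and "/", whitespace or end of line to the right, so a mirror whose
#    name merely contains the old name as a substring is left alone
switch_mirror() {
    file=$1 old=$2 new=$3
    valid_host "$old" && valid_host "$new" || {
        echo "switch_mirror: invalid host name" >&2; return 1; }
    [ -r "$file" ] || { echo "switch_mirror: cannot read $file" >&2; return 1; }
    pattern=$(printf '%s' "$old" | sed 's/\./\\./g')
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    sed -E "s#(://)$pattern(/|[[:space:]]|\$)#\1$new\2#g" "$file" > "$file.tmp" \
        && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# Usage (only runs when three arguments are given):
#   sudo sh switch_mirror.sh /etc/apt/sources.list tw.archive.ubuntu.com free.nchc.org.tw
if [ "$#" -eq 3 ]; then
    switch_mirror "$1" "$2" "$3" && echo "now using: $(current_mirror "$1")"
fi
```

Run apt-get update afterwards, as the post says; the backup makes it easy to revert if the new mirror turns out to be unreachable.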
Further reading:
★NCHC | Main / HomePage
Related links:
★大澤木小鐵 wondered: ftp://os.nchc.org.tw is saturated, where does everyone update Ubuntu from? [Solved] NARL NCHC open-source software
USN-1349-1: X.Org vulnerability
Ubuntu Security Notice USN-1349-1
26th January, 2012
xorg vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
X could be made to start by a user who lacked appropriate permissions.
Software description
- xorg: X.Org X Window System
Details
It was discovered that the X wrapper incorrectly checked certain console
permissions when launched by unprivileged users. An attacker connected
remotely could use this flaw to start X, bypassing the console permissions
check.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 11.10:
  - xserver-xorg 1:7.6+7ubuntu7.1
- Ubuntu 11.04:
  - xserver-xorg 1:7.6+4ubuntu3.2
- Ubuntu 10.10:
  - xserver-xorg 1:7.5+6ubuntu3.1
- Ubuntu 10.04 LTS:
  - xserver-xorg 1:7.5+5ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-1348-1: ICU vulnerability
Ubuntu Security Notice USN-1348-1
26th January, 2012
icu vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
ICU could be made to crash or run programs as your login if it
opened specially crafted data.
Software description
- icu: International Components for Unicode library
Details
It was discovered that ICU did not properly handle invalid locale data
during Unicode conversion. If an application using ICU processed crafted
data, an attacker could cause it to crash or potentially execute arbitrary
code with the privileges of the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 11.10:
  - libicu44 4.4.2-2ubuntu0.11.10.1
- Ubuntu 11.04:
  - libicu44 4.4.2-2ubuntu0.11.04.1
- Ubuntu 10.10:
  - libicu42 4.2.1-3ubuntu0.10.10.1
- Ubuntu 10.04 LTS:
  - libicu42 4.2.1-3ubuntu0.10.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-1342-1: Linux kernel (Oneiric backport) vulnerability
Ubuntu Security Notice USN-1342-1
25th January, 2012
linux-lts-backport-oneiric vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.04 LTS
Summary
The system could be made to run programs as an administrator.
Software description
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric
Details
Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.04 LTS:
  - linux-image-3.0.0-15-server 3.0.0-15.26~lucid1
  - linux-image-3.0.0-15-generic 3.0.0-15.26~lucid1
  - linux-image-3.0.0-15-virtual 3.0.0-15.26~lucid1
  - linux-image-3.0.0-15-generic-pae 3.0.0-15.26~lucid1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.