Ubuntu 正體中文站 :: 首頁 http://www.ubuntu-tw.org/modules/planet/index.php Fri, 03 Sep 2010 05:04:04 +1600 ARTICLE @ XOOPS powered by FeedCreator http://www.ubuntu-tw.org/modules/planet/images/planet.png Ubuntu 正體中文站 :: 首頁 http://www.ubuntu-tw.org/modules/planet/ 80 15 首頁 XML zh-tw bluet at ubuntu-tw dot org bluet at ubuntu-tw dot org 星球 USN-981-1: libwww-perl vulnerability http://www.ubuntu-tw.org/modules/planet/view.article.php?2370
Referenced CVEs: 



CVE-2010-2253




Description: 




===========================================================
Ubuntu Security Notice USN-981-1 August 31, 2010
libwww-perl vulnerability
CVE-2010-2253
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libwww-perl 5.803-4ubuntu0.1

Ubuntu 8.04 LTS:
libwww-perl 5.808-1ubuntu0.1

Ubuntu 9.04:
libwww-perl 5.820-1ubuntu0.1

Ubuntu 9.10:
libwww-perl 5.831-1ubuntu0.1

Ubuntu 10.04 LTS:
libwww-perl 5.834-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that libwww-perl incorrectly filtered filenames suggested
by Content-Disposition headers. If a user were tricked into downloading a
file from a malicious site, a remote attacker could overwrite hidden files
in the user's directory.



出處: http://www.ubuntu.com/usn/usn-981-1 SecurityTeam]]> SecurityTeam Tue, 31 Aug 2010 22:05:39 +1600 USN-980-1: bogofilter vulnerability http://www.ubuntu-tw.org/modules/planet/view.article.php?2368
Referenced CVEs: 



CVE-2010-2494




Description: 




===========================================================
Ubuntu Security Notice USN-980-1 August 31, 2010
bogofilter vulnerability
CVE-2010-2494
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
bogofilter-bdb 1.1.5-2ubuntu5.1
bogofilter-sqlite 1.1.5-2ubuntu5.1

Ubuntu 9.04:
bogofilter-bdb 1.1.7-1ubuntu1.1
bogofilter-sqlite 1.1.7-1ubuntu1.1

Ubuntu 9.10:
bogofilter-bdb 1.2.0-3ubuntu1.1
bogofilter-sqlite 1.2.0-3ubuntu1.1

Ubuntu 10.04 LTS:
bogofilter-bdb 1.2.1-0ubuntu1.1
bogofilter-sqlite 1.2.1-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

Details follow:

Julius Plenz discovered that bogofilter incorrectly handled certain
malformed encodings. By sending a specially crafted email, a remote
attacker could exploit this and cause bogofilter to crash, resulting in a
denial of service.



出處: http://www.ubuntu.com/usn/usn-980-1 SecurityTeam]]> SecurityTeam Tue, 31 Aug 2010 21:46:56 +1600 USN-979-1: okular vulnerability http://www.ubuntu-tw.org/modules/planet/view.article.php?2366
Referenced CVEs: 



CVE-2010-2575




Description: 




===========================================================
Ubuntu Security Notice USN-979-1 August 27, 2010
kdegraphics vulnerability
CVE-2010-2575
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
okular 4:4.2.2-0ubuntu2.1

Ubuntu 9.10:
okular 4:4.3.2-0ubuntu1.1

Ubuntu 10.04 LTS:
okular 4:4.4.2-0ubuntu1.1

After a standard system update you need to restart any running instances
of okular to make all the necessary changes.

Details follow:

Stefan Cornelius of Secunia Research discovered a boundary error during
RLE decompression in the "TranscribePalmImageToJPEG()" function in
generators/plucker/inplug/image.cpp of okular when processing images
embedded in PDB files, which can be exploited to cause a heap-based
buffer overflow. (CVE-2010-2575)



出處: http://www.ubuntu.com/usn/usn-979-1 SecurityTeam]]> SecurityTeam Fri, 27 Aug 2010 10:06:17 +1600 為 mupdf 加上全螢幕切換功能 http://www.ubuntu-tw.org/modules/planet/view.article.php?2364 出處: http://blog.linux.org.tw/~jserv/archives/2010/08/_mupdf.html jserv]]> jserv Fri, 27 Aug 2010 16:50:00 +1600 Linux上的電子收銀機系統(POS)-LemonPOS http://www.ubuntu-tw.org/modules/planet/view.article.php?2362 出處: http://magicdesign.blogspot.com/2010/08/linuxpos-lemonpos.html 魔法設計師]]> 魔法設計師 Sat, 28 Aug 2010 10:17:00 +1600 USN-974-2: Linux kernel regression http://www.ubuntu-tw.org/modules/planet/view.article.php?2360
Description: 




===========================================================
Ubuntu Security Notice USN-974-2 August 26, 2010
linux regression
https://launchpad.net/bugs/620994
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
linux-image-2.6.24-28-386 2.6.24-28.77
linux-image-2.6.24-28-generic 2.6.24-28.77
linux-image-2.6.24-28-hppa32 2.6.24-28.77
linux-image-2.6.24-28-hppa64 2.6.24-28.77
linux-image-2.6.24-28-itanium 2.6.24-28.77
linux-image-2.6.24-28-lpia 2.6.24-28.77
linux-image-2.6.24-28-lpiacompat 2.6.24-28.77
linux-image-2.6.24-28-mckinley 2.6.24-28.77
linux-image-2.6.24-28-openvz 2.6.24-28.77
linux-image-2.6.24-28-powerpc 2.6.24-28.77
linux-image-2.6.24-28-powerpc-smp 2.6.24-28.77
linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.77
linux-image-2.6.24-28-rt 2.6.24-28.77
linux-image-2.6.24-28-server 2.6.24-28.77
linux-image-2.6.24-28-sparc64 2.6.24-28.77
linux-image-2.6.24-28-sparc64-smp 2.6.24-28.77
linux-image-2.6.24-28-virtual 2.6.24-28.77
linux-image-2.6.24-28-xen 2.6.24-28.77

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for
CVE-2010-2240 caused failures for Xen hosts. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory
manager did not properly handle when applications grow stacks into adjacent
memory regions. A local attacker could exploit this to gain control of
certain applications, potentially leading to privilege escalation, as
demonstrated in attacks against the X server. (CVE-2010-2240)

Kees Cook discovered that under certain situations the ioctl subsystem for
DRM did not properly sanitize its arguments. A local attacker could exploit
this to read previously freed kernel memory, leading to a loss of privacy.
(CVE-2010-2803)

Ben Hawkes discovered an integer overflow in the Controller Area Network
(CAN) subsystem when setting up frame content and filtering certain
messages. An attacker could send specially crafted CAN traffic to crash the
system or gain root privileges. (CVE-2010-2959)



出處: http://www.ubuntu.com/usn/usn-974-2 SecurityTeam]]> SecurityTeam Fri, 27 Aug 2010 02:36:03 +1600 我的ThinkpadX201i A22+Ubuntu10.04 webcam問題的解法 http://www.ubuntu-tw.org/modules/planet/view.article.php?2358 出處: http://magicdesign.blogspot.com/2010/08/thinkpadx201i-a22ubuntu1004-webcam.html 魔法設計師]]> 魔法設計師 Thu, 26 Aug 2010 10:27:00 +1600 USN-977-1: MoinMoin vulnerabilities http://www.ubuntu-tw.org/modules/planet/view.article.php?2356
Referenced CVEs: 



CVE-2010-2487, CVE-2010-2969, CVE-2010-2970




Description: 




===========================================================
Ubuntu Security Notice USN-977-1 August 25, 2010
moin vulnerabilities
CVE-2010-2487, CVE-2010-2969, CVE-2010-2970
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.7

Ubuntu 8.04 LTS:
python-moinmoin 1.5.8-5.1ubuntu2.5

Ubuntu 9.04:
python-moinmoin 1.8.2-2ubuntu2.5

Ubuntu 9.10:
python-moinmoin 1.8.4-1ubuntu1.3

Ubuntu 10.04 LTS:
python-moinmoin 1.9.2-2ubuntu3.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.



出處: http://www.ubuntu.com/usn/usn-977-1 SecurityTeam]]> SecurityTeam Wed, 25 Aug 2010 23:46:03 +1600 USN-976-1: Tomcat vulnerability http://www.ubuntu-tw.org/modules/planet/view.article.php?2354
Referenced CVEs: 



CVE-2010-2227




Description: 




===========================================================
Ubuntu Security Notice USN-976-1 August 25, 2010
tomcat6 vulnerability
CVE-2010-2227
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
libtomcat6-java 6.0.18-0ubuntu6.3

Ubuntu 9.10:
libtomcat6-java 6.0.20-2ubuntu2.2

Ubuntu 10.04 LTS:
libtomcat6-java 6.0.24-2ubuntu1.3

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding
headers. A remote attacker could send specially crafted requests containing
invalid headers to the server and cause a denial of service, or possibly
obtain sensitive information from other requests.



出處: http://www.ubuntu.com/usn/usn-976-1 SecurityTeam]]> SecurityTeam Wed, 25 Aug 2010 23:38:36 +1600 Ubuntu Studio 10.04 進一步調校(音樂製作用) http://www.ubuntu-tw.org/modules/planet/view.article.php?2352 出處: http://magicdesign.blogspot.com/2010/08/ubuntu-studio-1004.html 魔法設計師]]> 魔法設計師 Tue, 24 Aug 2010 22:53:00 +1600