Planet

Blog:Ubuntu security notices


Last updated: 2016/10/4 19:54:36

USN-1108-2: DHCP vulnerability

2011/4/20 3:03:21 | Ubuntu security notices

Ubuntu Security Notice USN-1108-2


19th April, 2011


dhcp3 vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10





Summary


An attacker's DHCP server could send crafted responses to your computer and
cause it to run programs as root.





Software description





  • dhcp3
    - DHCP Client











Details


USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix
the vulnerability was not properly applied on Ubuntu 9.10 and higher. This
update fixes the problem.



Original advisory details:



Sebastian Krahmer discovered that the dhclient utility incorrectly filtered
crafted responses. An attacker could use this flaw with a malicious DHCP
server to execute arbitrary code, resulting in root privilege escalation.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • dhcp3-client 3.1.3-2ubuntu6.2

Ubuntu 10.04 LTS:
  • dhcp3-client 3.1.3-2ubuntu3.2

Ubuntu 9.10:
  • dhcp3-client 3.1.2-1ubuntu7.3








In general, a standard system update will make all the necessary changes.





References




CVE-2011-0997


USN-1114-1: KDENetwork vulnerability

2011/4/19 9:12:52 | Ubuntu security notices

Ubuntu Security Notice USN-1114-1


18th April, 2011


kdenetwork vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10





Summary


An attacker could overwrite files owned by the user if KGet opened a
crafted metalink file.





Software description





  • kdenetwork
    - networking applications for KDE 4











Details


It was discovered that KGet did not properly perform input validation when
processing metalink files. If a user were tricked into opening a crafted
metalink file, a remote attacker could overwrite files via directory
traversal, which could eventually lead to arbitrary code execution.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • kget 4:4.5.1-0ubuntu2.2

Ubuntu 10.04 LTS:
  • kget 4:4.4.5-0ubuntu1.1

Ubuntu 9.10:
  • kget 4:4.3.2-0ubuntu4.5








After a standard system update you need to restart KGet to make all the
necessary changes.





References




CVE-2011-1586


USN-1113-1: Postfix vulnerabilities

2011/4/19 3:14:18 | Ubuntu security notices

Ubuntu Security Notice USN-1113-1


18th April, 2011


postfix vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS


  • Ubuntu 6.06 LTS





Summary


An attacker could send crafted input to Postfix and cause it to reveal
confidential information.





Software description





  • postfix
    - High-performance mail transport agent















Details


It was discovered that the Postfix package incorrectly granted write access
on the PID directory to the postfix user. A local attacker could use this
flaw to possibly conduct a symlink attack and overwrite arbitrary files.
This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)



Wietse Venema discovered that Postfix incorrectly handled cleartext
commands after TLS is in place. A remote attacker could exploit this to
inject cleartext commands into TLS sessions, and possibly obtain
confidential information such as passwords. (CVE-2011-0411)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • postfix 2.7.1-1ubuntu0.1

Ubuntu 10.04 LTS:
  • postfix 2.7.0-1ubuntu0.1

Ubuntu 9.10:
  • postfix 2.6.5-3ubuntu0.1

Ubuntu 8.04 LTS:
  • postfix 2.5.1-2ubuntu1.3

Ubuntu 6.06 LTS:
  • postfix 2.2.10-1ubuntu0.3








In general, a standard system update will make all the necessary changes.





References




CVE-2009-2939, CVE-2011-0411


USN-1108-1: DHCP vulnerability

2011/4/15 4:12:51 | Ubuntu security notices

Ubuntu Security Notice USN-1108-1


11th April, 2011


dhcp3 vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS


  • Ubuntu 6.06 LTS





Summary


An attacker's DHCP server could send crafted responses to your computer
and cause it to run programs as root.





Software description





  • dhcp3
    - DHCP Client















Details


Sebastian Krahmer discovered that the dhclient utility incorrectly filtered
crafted responses. An attacker could use this flaw with a malicious DHCP
server to execute arbitrary code, resulting in root privilege escalation.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • dhcp3-client 3.1.3-2ubuntu6.1

Ubuntu 10.04 LTS:
  • dhcp3-client 3.1.3-2ubuntu3.1

Ubuntu 9.10:
  • dhcp3-client 3.1.2-1ubuntu7.2

Ubuntu 8.04 LTS:
  • dhcp3-client 3.0.6.dfsg-1ubuntu9.2

Ubuntu 6.06 LTS:
  • dhcp3-client 3.0.3-6ubuntu7.2








In general, a standard system update will make all the necessary changes.





References




CVE-2011-0997


USN-1109-1: GIMP vulnerabilities

2011/4/15 4:12:51 | Ubuntu security notices

Ubuntu Security Notice USN-1109-1


13th April, 2011


gimp vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


GIMP could be made to run programs as your login if it opened a
specially crafted file.





Software description





  • gimp
    - The GNU Image Manipulation Program













Details


It was discovered that GIMP incorrectly handled malformed data in certain
plugin configuration files. If a user were tricked into opening a specially
crafted plugin configuration file, an attacker could cause GIMP to crash,
or possibly execute arbitrary code with the user's privileges. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)



It was discovered that GIMP incorrectly handled malformed PSP image files.
If a user were tricked into opening a specially crafted PSP image file, an
attacker could cause GIMP to crash, or possibly execute arbitrary code with
the user's privileges. (CVE-2010-4543)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • gimp 2.6.10-1ubuntu3.2

Ubuntu 10.04 LTS:
  • gimp 2.6.8-2ubuntu1.2

Ubuntu 9.10:
  • gimp 2.6.7-1ubuntu1.2

Ubuntu 8.04 LTS:
  • gimp 2.4.5-1ubuntu2.3








After a standard system update you need to restart GIMP to make all the
necessary changes.





References




CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543


USN-1110-1: KDE-Libs vulnerabilities

2011/4/15 4:12:51 | Ubuntu security notices

Ubuntu Security Notice USN-1110-1


14th April, 2011


kde4libs vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10





Summary


An attacker could send crafted input to Konqueror to view sensitive
information.





Software description





  • kde4libs
    - KDE 4 core applications











Details


It was discovered that KDE KSSL did not properly verify X.509 certificates
when the certificate was issued for an IP address. An attacker could
exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2011-1094)



Tim Brown discovered that KDE KHTML did not properly escape URLs from
externally generated error pages. An attacker could exploit this to conduct
cross-site scripting attacks. With cross-site scripting vulnerabilities, if
a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data (such as passwords), within the same domain.
(CVE-2011-1168)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libkio5 4:4.5.1-0ubuntu8.1
  • libkhtml5 4:4.5.1-0ubuntu8.1

Ubuntu 10.04 LTS:
  • kdelibs5 4:4.4.5-0ubuntu1.1

Ubuntu 9.10:
  • kdelibs5 4:4.3.2-0ubuntu7.3








After a standard system update you need to restart any applications that
use KSSL or KHTML, such as Konqueror, to make all the necessary changes.





References




CVE-2011-1094, CVE-2011-1168


USN-1107-1: x11-xserver-utils vulnerability

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1107-1


6th April, 2011


x11-xserver-utils vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


An attacker could send crafted input to xrdb and cause it to run programs
as root.





Software description





  • x11-xserver-utils
    - X server utilities













Details


Sebastian Krahmer discovered that the xrdb utility incorrectly filtered
crafted hostnames. An attacker could use this flaw with a malicious
DHCP server or with a remote xdmcp login and execute arbitrary code,
resulting in root privilege escalation.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • x11-xserver-utils 7.5+2ubuntu1.1

Ubuntu 10.04 LTS:
  • x11-xserver-utils 7.5+1ubuntu2.1

Ubuntu 9.10:
  • x11-xserver-utils 7.4+2ubuntu3.1

Ubuntu 8.04 LTS:
  • x11-xserver-utils 7.3+2ubuntu0.1








After a standard system update you need to reboot your computer to make
all the necessary changes.





References




CVE-2011-0465


USN-1106-1: NSS vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1106-1


6th April, 2011


nss vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


Update to blacklist fraudulent Comodo certificates





Software description





  • nss
    - Transition package for Network Security Service libraries













Details


It was discovered that several invalid HTTPS certificates were issued and
revoked. An attacker could exploit these to perform a man in the middle
attack to view sensitive information or alter encrypted communications.
These certificates were marked as explicitly not trusted to prevent their
misuse.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.04.1

Ubuntu 9.10:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.9.10.1

Ubuntu 8.04 LTS:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.8.04.1








After a standard system update you need to restart any applications that
use NSS, such as Thunderbird or Evolution, to make all the necessary
changes.





References




https://launchpad.net/bugs/741729


USN-1105-1: Linux kernel vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1105-1


5th April, 2011


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 8.04 LTS





Summary


Multiple kernel flaws.





Software description





  • linux
    - Linux kernel







Details


Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)



Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)



Dan Rosenberg discovered that certain iovec operations did not calculate
page counts correctly. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4162)



Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
iov segments. A local attacker with access to a SCSI device could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2010-4163)



Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing.
If a system was using X.25, a remote attacker could exploit this to
crash the system, leading to a denial of service. (CVE-2010-4164)



Alan Cox discovered that the HCI UART driver did not correctly check if a
write operation was available. If the mmap_min_addr sysctl was changed from
the Ubuntu default to a value of 0, a local attacker could exploit this
flaw to gain root privileges. (CVE-2010-4242)



Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker
were able to trigger certain kinds of kernel bugs, they could create a
specially crafted process to gain root privileges. (CVE-2010-4258)



Tavis Ormandy discovered that the install_special_mapping function could
bypass the mmap_min_addr restriction. A local attacker could exploit this
to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
chances of performing NULL pointer dereference attacks. (CVE-2010-4346)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 8.04 LTS:
  • linux-image-2.6.24-29-sparc64 2.6.24-29.88
  • linux-image-2.6.24-29-rt 2.6.24-29.88
  • linux-image-2.6.24-29-lpia 2.6.24-29.88
  • linux-image-2.6.24-29-itanium 2.6.24-29.88
  • linux-image-2.6.24-29-generic 2.6.24-29.88
  • linux-image-2.6.24-29-openvz 2.6.24-29.88
  • linux-image-2.6.24-29-hppa32 2.6.24-29.88
  • linux-image-2.6.24-29-xen 2.6.24-29.88
  • linux-image-2.6.24-29-powerpc 2.6.24-29.88
  • linux-image-2.6.24-29-powerpc-smp 2.6.24-29.88
  • linux-image-2.6.24-29-hppa64 2.6.24-29.88
  • linux-image-2.6.24-29-server 2.6.24-29.88
  • linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.88
  • linux-image-2.6.24-29-386 2.6.24-29.88
  • linux-image-2.6.24-29-virtual 2.6.24-29.88
  • linux-image-2.6.24-29-mckinley 2.6.24-29.88
  • linux-image-2.6.24-29-sparc64-smp 2.6.24-29.88
  • linux-image-2.6.24-29-lpiacompat 2.6.24-29.88








After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.





References




CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162,
CVE-2010-4163, CVE-2010-4164, CVE-2010-4242, CVE-2010-4258, CVE-2010-4346


USN-1104-1: FFmpeg vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1104-1


4th April, 2011


ffmpeg vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


FFmpeg could be made to run programs as your login if it opened a specially
crafted file.





Software description





  • ffmpeg
    - multimedia player, server and encoder













Details


Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg
incorrectly handled certain malformed flic files. If a user were tricked
into opening a crafted flic file, an attacker could cause a denial of
service via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3429)



Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
wmv files. If a user were tricked into opening a crafted wmv file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3908)



It was discovered that FFmpeg incorrectly handled certain malformed ogg
files. If a user were tricked into opening a crafted ogg file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-4704)



It was discovered that FFmpeg incorrectly handled certain malformed WebM
files. If a user were tricked into opening a crafted WebM file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-0480)



Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
RealMedia files. If a user were tricked into opening a crafted RealMedia
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2011-0722)



Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
VC1 files. If a user were tricked into opening a crafted VC1 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2011-0723)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libavformat52 4:0.6-2ubuntu6.1
  • libavcodec52 4:0.6-2ubuntu6.1

Ubuntu 10.04 LTS:
  • libavformat52 4:0.5.1-1ubuntu1.1
  • libavcodec52 4:0.5.1-1ubuntu1.1

Ubuntu 9.10:
  • libavformat52 4:0.5+svn20090706-2ubuntu2.3
  • libavcodec52 4:0.5+svn20090706-2ubuntu2.3

Ubuntu 8.04 LTS:
  • libavformat1d 3:0.cvs20070307-5ubuntu7.6
  • libavcodec1d 3:0.cvs20070307-5ubuntu7.6








In general, a standard system update will make all the necessary changes.





References




CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722,
CVE-2011-0723