Planet


USN-1106-1: NSS vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1106-1


6th April, 2011


nss vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


Update to blacklist fraudulent Comodo certificates





Software description





  • nss
    - Transition package for Network Security Service libraries













Details


It was discovered that several invalid HTTPS certificates were issued and
revoked. An attacker could exploit these to perform a man-in-the-middle
attack to view sensitive information or alter encrypted communications.
These certificates were marked as explicitly not trusted to prevent their
misuse.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.04.1

Ubuntu 9.10:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.9.10.1

Ubuntu 8.04 LTS:
  • libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.8.04.1








After a standard system update you need to restart any applications that
use NSS, such as Thunderbird or Evolution, to make all the necessary
changes.





References




https://launchpad.net/bugs/741729


USN-1105-1: Linux kernel vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1105-1


5th April, 2011


linux vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 8.04 LTS





Summary


Multiple kernel flaws.





Software description





  • linux
    - Linux kernel







Details


Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)



Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)



Dan Rosenberg discovered that certain iovec operations did not calculate
page counts correctly. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4162)



Dan Rosenberg discovered that the SCSI subsystem did not correctly validate
iov segments. A local attacker with access to a SCSI device could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2010-4163)



Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing.
If a system was using X.25, a remote attacker could exploit this to
crash the system, leading to a denial of service. (CVE-2010-4164)



Alan Cox discovered that the HCI UART driver did not correctly check if a
write operation was available. If the mmap_min_addr sysctl was changed from
the Ubuntu default to a value of 0, a local attacker could exploit this
flaw to gain root privileges. (CVE-2010-4242)



Nelson Elhage discovered that the kernel did not correctly handle process
cleanup after triggering a recoverable kernel bug. If a local attacker
were able to trigger certain kinds of kernel bugs, they could create a
specially crafted process to gain root privileges. (CVE-2010-4258)



Tavis Ormandy discovered that the install_special_mapping function could
bypass the mmap_min_addr restriction. A local attacker could exploit this
to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
chances of performing NULL pointer dereference attacks. (CVE-2010-4346)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 8.04 LTS:
  • linux-image-2.6.24-29-sparc64 2.6.24-29.88
  • linux-image-2.6.24-29-rt 2.6.24-29.88
  • linux-image-2.6.24-29-lpia 2.6.24-29.88
  • linux-image-2.6.24-29-itanium 2.6.24-29.88
  • linux-image-2.6.24-29-generic 2.6.24-29.88
  • linux-image-2.6.24-29-openvz 2.6.24-29.88
  • linux-image-2.6.24-29-hppa32 2.6.24-29.88
  • linux-image-2.6.24-29-xen 2.6.24-29.88
  • linux-image-2.6.24-29-powerpc 2.6.24-29.88
  • linux-image-2.6.24-29-powerpc-smp 2.6.24-29.88
  • linux-image-2.6.24-29-hppa64 2.6.24-29.88
  • linux-image-2.6.24-29-server 2.6.24-29.88
  • linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.88
  • linux-image-2.6.24-29-386 2.6.24-29.88
  • linux-image-2.6.24-29-virtual 2.6.24-29.88
  • linux-image-2.6.24-29-mckinley 2.6.24-29.88
  • linux-image-2.6.24-29-sparc64-smp 2.6.24-29.88
  • linux-image-2.6.24-29-lpiacompat 2.6.24-29.88








After a standard system update you need to reboot your computer to make
all the necessary changes.



ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.





References




CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4162,
CVE-2010-4163, CVE-2010-4164, CVE-2010-4242, CVE-2010-4258, CVE-2010-4346


USN-1104-1: FFmpeg vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1104-1


4th April, 2011


ffmpeg vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


FFmpeg could be made to run programs as your login if it opened a specially
crafted file.





Software description





  • ffmpeg
    - multimedia player, server and encoder













Details


Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg
incorrectly handled certain malformed flic files. If a user were tricked
into opening a crafted flic file, an attacker could cause a denial of
service via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3429)



Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
wmv files. If a user were tricked into opening a crafted wmv file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2010-3908)



It was discovered that FFmpeg incorrectly handled certain malformed ogg
files. If a user were tricked into opening a crafted ogg file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-4704)



It was discovered that FFmpeg incorrectly handled certain malformed WebM
files. If a user were tricked into opening a crafted WebM file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-0480)



Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
RealMedia files. If a user were tricked into opening a crafted RealMedia
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.
(CVE-2011-0722)



Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed
VC1 files. If a user were tricked into opening a crafted VC1 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2011-0723)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libavformat52 4:0.6-2ubuntu6.1
  • libavcodec52 4:0.6-2ubuntu6.1

Ubuntu 10.04 LTS:
  • libavformat52 4:0.5.1-1ubuntu1.1
  • libavcodec52 4:0.5.1-1ubuntu1.1

Ubuntu 9.10:
  • libavformat52 4:0.5+svn20090706-2ubuntu2.3
  • libavcodec52 4:0.5+svn20090706-2ubuntu2.3

Ubuntu 8.04 LTS:
  • libavformat1d 3:0.cvs20070307-5ubuntu7.6
  • libavcodec1d 3:0.cvs20070307-5ubuntu7.6








In general, a standard system update will make all the necessary changes.





References




CVE-2010-3429, CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722,
CVE-2011-0723


USN-1103-1: tex-common vulnerability

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1103-1


4th April, 2011


tex-common vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS





Summary


tex-common could be made to run programs as your login if it opened a
specially crafted file.





Software description





  • tex-common
    - common infrastructure for building and installing TeX









Details


Mathias Svensson discovered that the tex-common package contains an
insecure shell_escape_commands configuration item. If a user or automated
system were tricked into opening a specially crafted TeX file, a remote
attacker could execute arbitrary code with user privileges.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • tex-common 2.08ubuntu0.1

Ubuntu 10.04 LTS:
  • tex-common 2.06ubuntu0.1








In general, a standard system update will make all the necessary changes.





References




CVE-2011-1400


USN-1102-1: tiff vulnerability

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1102-1


4th April, 2011


tiff vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS


  • Ubuntu 6.06 LTS





Summary


Certain applications could be made to run programs as your login if they
opened a specially crafted TIFF file.





Software description





  • tiff
    - TIFF manipulation and conversion tools















Details


Martin Barbella discovered that the thunder (aka ThunderScan) decoder in
the TIFF library incorrectly handled an unexpected BitsPerSample value. If
a user or automated system were tricked into opening a specially crafted
TIFF image, a remote attacker could execute arbitrary code with user
privileges, or crash the application, leading to a denial of service.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libtiff4 3.9.4-2ubuntu0.3

Ubuntu 10.04 LTS:
  • libtiff4 3.9.2-2ubuntu0.6

Ubuntu 9.10:
  • libtiff4 3.8.2-13ubuntu0.6

Ubuntu 8.04 LTS:
  • libtiff4 3.8.2-7ubuntu3.9

Ubuntu 6.06 LTS:
  • libtiff4 3.7.4-1ubuntu3.11








After a standard system update you need to restart your session to make
all the necessary changes.





References




CVE-2011-1167


USN-1101-1: Qt vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1101-1


1st April, 2011


qt4-x11 vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


qt4-x11 update for fraudulent Comodo certificates





Software description





  • qt4-x11
    - Qt 4 core non-GUI functionality runtime library













Details


It was discovered that several invalid HTTPS certificates were issued and
revoked. An attacker could exploit these to perform a man-in-the-middle
attack to view sensitive information or alter encrypted communications.
These were placed on the certificate blacklist to prevent their misuse.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libqt4-network 4:4.7.0-0ubuntu4.3

Ubuntu 10.04 LTS:
  • libqt4-network 4:4.6.2-0ubuntu5.2

Ubuntu 9.10:
  • libqt4-network 4.5.3really4.5.2-0ubuntu1.1

Ubuntu 8.04 LTS:
  • libqt4-core 4.3.4-0ubuntu3.2








After a standard system upgrade you need to restart your session to effect
the necessary changes.





References




https://launchpad.net/bugs/742377


USN-1100-1: OpenLDAP vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1100-1


31st March, 2011


openldap, openldap2.3 vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS





Summary


An attacker could send crafted input to OpenLDAP and cause it to crash.





Software description





  • openldap
    - OpenLDAP utilities









  • openldap2.3
    - OpenLDAP utilities







Details


It was discovered that OpenLDAP did not properly check forwarded
authentication failures when using a slave server and chain overlay. If
OpenLDAP were configured in this manner, an attacker could bypass
authentication checks by sending an invalid password to a slave server.
(CVE-2011-1024)



It was discovered that OpenLDAP did not properly perform authentication
checks to the rootdn when using the back-ndb backend. An attacker could
exploit this to access the directory by sending an arbitrary password.
Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue
did not affect Ubuntu 8.04 LTS. (CVE-2011-1025)



It was discovered that OpenLDAP did not properly validate modrdn requests.
An unauthenticated remote user could use this to cause a denial of service
via application crash. (CVE-2011-1081)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • slapd 2.4.23-0ubuntu3.5

Ubuntu 10.04 LTS:
  • slapd 2.4.21-0ubuntu5.4

Ubuntu 9.10:
  • slapd 2.4.18-0ubuntu1.2

Ubuntu 8.04 LTS:
  • slapd 2.4.9-0ubuntu0.8.04.5








In general, a standard system update will make all the necessary changes.





References




CVE-2011-1024, CVE-2011-1025, CVE-2011-1081


USN-1099-1: GDM vulnerability

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1099-1


30th March, 2011


gdm vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10





Summary


A GDM vulnerability allows local attackers to gain root privileges.





Software description





  • gdm
    - GNOME Display Manager











Details


Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not
properly drop privileges when handling the cache directories used
to store users' dmrc and face icon files. This could allow a local
attacker to change the ownership of arbitrary files, thereby gaining
root privileges.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • gdm 2.30.5-0ubuntu4.1

Ubuntu 10.04 LTS:
  • gdm 2.30.2.is.2.30.0-0ubuntu5.1

Ubuntu 9.10:
  • gdm 2.28.1-0ubuntu2.3








After a standard system update you need to log out all desktop sessions
and restart GDM to make all the necessary changes.





References




CVE-2011-0727


USN-1098-1: vsftpd vulnerability

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1098-1


29th March, 2011


vsftpd vulnerability


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10


  • Ubuntu 8.04 LTS


  • Ubuntu 6.06 LTS





Summary


An attacker could send crafted input to vsftpd and cause it to crash.





Software description





  • vsftpd
    - lightweight, efficient FTP server written for security















Details


It was discovered that vsftpd incorrectly handled certain glob expressions.
A remote authenticated user could use a crafted glob expression to cause
vsftpd to consume all resources, leading to a denial of service.



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • vsftpd 2.3.0~pre2-4ubuntu2.2

Ubuntu 10.04 LTS:
  • vsftpd 2.2.2-3ubuntu6.1

Ubuntu 9.10:
  • vsftpd 2.2.0-1ubuntu2.1

Ubuntu 8.04 LTS:
  • vsftpd 2.0.6-1ubuntu1.2

Ubuntu 6.06 LTS:
  • vsftpd 2.0.4-0ubuntu4.1








In general, a standard system update will make all the necessary changes.





References




CVE-2011-0762


USN-1097-1: Tomcat vulnerabilities

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1097-1


29th March, 2011


tomcat6 vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 10.10


  • Ubuntu 10.04 LTS


  • Ubuntu 9.10





Summary


An attacker could send crafted input to Tomcat and cause it to crash or
read and write arbitrary files.





Software description





  • tomcat6
    - Servlet and JSP engine











Details


It was discovered that the Tomcat SecurityManager did not properly restrict
the working directory. An attacker could use this flaw to read or write
files outside of the intended working directory. (CVE-2010-3718)



It was discovered that Tomcat did not properly escape certain parameters in
the Manager application which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2011-0013)



It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize
limit in certain configurations. A remote attacker could use this flaw to
cause Tomcat to consume all available memory, resulting in a denial of
service. (CVE-2011-0534)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 10.10:
  • libtomcat6-java 6.0.28-2ubuntu1.2
  • tomcat6-admin 6.0.28-2ubuntu1.2

Ubuntu 10.04 LTS:
  • libtomcat6-java 6.0.24-2ubuntu1.7
  • tomcat6-admin 6.0.24-2ubuntu1.7

Ubuntu 9.10:
  • libtomcat6-java 6.0.20-2ubuntu2.4
  • tomcat6-admin 6.0.20-2ubuntu2.4








In general, a standard system update will make all the necessary changes.





References




CVE-2010-3718, CVE-2011-0013, CVE-2011-0534