Planet

Blog:Ubuntu security notices


Last updated: 2016/10/4 19:54:36

USN-1024-1: OpenJDK vulnerability

2010/12/1 0:27:33 | Ubuntu security notices

Referenced CVEs: CVE-2010-3860

Description:

===========================================================
Ubuntu Security Notice USN-1024-1 November 30, 2010
openjdk-6 vulnerability
CVE-2010-3860
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
icedtea6-plugin 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jdk 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jre 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jre-headless 6b18-1.8.3-0ubuntu1~8.04.2

Ubuntu 9.10:
icedtea6-plugin 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jdk 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jre 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jre-headless 6b18-1.8.3-0ubuntu1~9.10.1

Ubuntu 10.04 LTS:
icedtea6-plugin 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jdk 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jre 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jre-headless 6b20-1.9.2-0ubuntu1~10.04.1

Ubuntu 10.10:
icedtea6-plugin 6b20-1.9.2-0ubuntu1
openjdk-6-jdk 6b20-1.9.2-0ubuntu1
openjdk-6-jre 6b20-1.9.2-0ubuntu1
openjdk-6-jre-headless 6b20-1.9.2-0ubuntu1

After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.

Details follow:

It was discovered that certain system property information was being
leaked, which could allow an attacker to obtain sensitive information.


USN-1023-1: Linux kernel vulnerabilities

2010/11/30 10:23:58 | Ubuntu security notices

Referenced CVEs: CVE-2010-3848, CVE-2010-3849, CVE-2010-3850

Description:

===========================================================
Ubuntu Security Notice USN-1023-1 November 30, 2010
linux, linux-{ec2,source-2.6.15} vulnerabilities
CVE-2010-3848, CVE-2010-3849, CVE-2010-3850
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.90
linux-image-2.6.15-55-686 2.6.15-55.90
linux-image-2.6.15-55-amd64-generic 2.6.15-55.90
linux-image-2.6.15-55-amd64-k8 2.6.15-55.90
linux-image-2.6.15-55-amd64-server 2.6.15-55.90
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.90
linux-image-2.6.15-55-hppa32 2.6.15-55.90
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.90
linux-image-2.6.15-55-hppa64 2.6.15-55.90
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.90
linux-image-2.6.15-55-itanium 2.6.15-55.90
linux-image-2.6.15-55-itanium-smp 2.6.15-55.90
linux-image-2.6.15-55-k7 2.6.15-55.90
linux-image-2.6.15-55-mckinley 2.6.15-55.90
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.90
linux-image-2.6.15-55-powerpc 2.6.15-55.90
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.90
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.90
linux-image-2.6.15-55-server 2.6.15-55.90
linux-image-2.6.15-55-server-bigiron 2.6.15-55.90
linux-image-2.6.15-55-sparc64 2.6.15-55.90
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.90

Ubuntu 8.04 LTS:
linux-image-2.6.24-28-386 2.6.24-28.81
linux-image-2.6.24-28-generic 2.6.24-28.81
linux-image-2.6.24-28-hppa32 2.6.24-28.81
linux-image-2.6.24-28-hppa64 2.6.24-28.81
linux-image-2.6.24-28-itanium 2.6.24-28.81
linux-image-2.6.24-28-lpia 2.6.24-28.81
linux-image-2.6.24-28-lpiacompat 2.6.24-28.81
linux-image-2.6.24-28-mckinley 2.6.24-28.81
linux-image-2.6.24-28-openvz 2.6.24-28.81
linux-image-2.6.24-28-powerpc 2.6.24-28.81
linux-image-2.6.24-28-powerpc-smp 2.6.24-28.81
linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.81
linux-image-2.6.24-28-rt 2.6.24-28.81
linux-image-2.6.24-28-server 2.6.24-28.81
linux-image-2.6.24-28-sparc64 2.6.24-28.81
linux-image-2.6.24-28-sparc64-smp 2.6.24-28.81
linux-image-2.6.24-28-virtual 2.6.24-28.81
linux-image-2.6.24-28-xen 2.6.24-28.81

Ubuntu 9.10:
linux-image-2.6.31-22-386 2.6.31-22.69
linux-image-2.6.31-22-generic 2.6.31-22.69
linux-image-2.6.31-22-generic-pae 2.6.31-22.69
linux-image-2.6.31-22-ia64 2.6.31-22.69
linux-image-2.6.31-22-lpia 2.6.31-22.69
linux-image-2.6.31-22-powerpc 2.6.31-22.69
linux-image-2.6.31-22-powerpc-smp 2.6.31-22.69
linux-image-2.6.31-22-powerpc64-smp 2.6.31-22.69
linux-image-2.6.31-22-server 2.6.31-22.69
linux-image-2.6.31-22-sparc64 2.6.31-22.69
linux-image-2.6.31-22-sparc64-smp 2.6.31-22.69
linux-image-2.6.31-22-virtual 2.6.31-22.69
linux-image-2.6.31-307-ec2 2.6.31-307.22

Ubuntu 10.04 LTS:
linux-image-2.6.32-26-386 2.6.32-26.48
linux-image-2.6.32-26-generic 2.6.32-26.48
linux-image-2.6.32-26-generic-pae 2.6.32-26.48
linux-image-2.6.32-26-ia64 2.6.32-26.48
linux-image-2.6.32-26-lpia 2.6.32-26.48
linux-image-2.6.32-26-powerpc 2.6.32-26.48
linux-image-2.6.32-26-powerpc-smp 2.6.32-26.48
linux-image-2.6.32-26-powerpc64-smp 2.6.32-26.48
linux-image-2.6.32-26-preempt 2.6.32-26.48
linux-image-2.6.32-26-server 2.6.32-26.48
linux-image-2.6.32-26-sparc64 2.6.32-26.48
linux-image-2.6.32-26-sparc64-smp 2.6.32-26.48
linux-image-2.6.32-26-versatile 2.6.32-26.48
linux-image-2.6.32-26-virtual 2.6.32-26.48
linux-image-2.6.32-310-ec2 2.6.32-310.21

Ubuntu 10.10:
linux-image-2.6.35-23-generic 2.6.35-23.41
linux-image-2.6.35-23-generic-pae 2.6.35-23.41
linux-image-2.6.35-23-omap 2.6.35-23.41
linux-image-2.6.35-23-powerpc 2.6.35-23.41
linux-image-2.6.35-23-powerpc-smp 2.6.35-23.41
linux-image-2.6.35-23-powerpc64-smp 2.6.35-23.41
linux-image-2.6.35-23-server 2.6.35-23.41
linux-image-2.6.35-23-versatile 2.6.35-23.41
linux-image-2.6.35-23-virtual 2.6.35-23.41

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces.


USN-1022-1: APR-util vulnerability

2010/11/25 22:35:03 | Ubuntu security notices

Referenced CVEs: CVE-2010-1623

Description:

===========================================================
Ubuntu Security Notice USN-1022-1 November 25, 2010
apr-util vulnerability
CVE-2010-1623
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libaprutil1 1.2.12+dfsg-3ubuntu0.3

Ubuntu 9.10:
libaprutil1 1.3.9+dfsg-1ubuntu1.1

Ubuntu 10.04 LTS:
libaprutil1 1.3.9+dfsg-3ubuntu0.10.04.1

Ubuntu 10.10:
libaprutil1 1.3.9+dfsg-3ubuntu0.10.10.1

After a standard system update you need to restart any applications using
APR-util, such as Subversion and Apache, to make all the necessary changes.

Details follow:

It was discovered that APR-util did not properly handle memory when
destroying APR buckets. An attacker could exploit this and cause a denial
of service via memory exhaustion.


USN-1021-1: Apache vulnerabilities

2010/11/25 22:27:10 | Ubuntu security notices

Referenced CVEs: CVE-2010-1452, CVE-2010-1623

Description:

===========================================================
Ubuntu Security Notice USN-1021-1 November 25, 2010
apache2 vulnerabilities
CVE-2010-1452, CVE-2010-1623
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.12

Ubuntu 8.04 LTS:
apache2.2-common 2.2.8-1ubuntu0.19

Ubuntu 9.10:
apache2.2-common 2.2.12-1ubuntu2.4

Ubuntu 10.04 LTS:
apache2.2-common 2.2.14-5ubuntu8.4

Ubuntu 10.10:
apache2.2-common 2.2.16-1ubuntu3.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Apache's mod_cache and mod_dav modules incorrectly
handled requests that lacked a path. A remote attacker could exploit this
with a crafted request and cause a denial of service. This issue affected
Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452)

It was discovered that Apache did not properly handle memory when
destroying APR buckets. A remote attacker could exploit this with crafted
requests and cause a denial of service via memory exhaustion. This issue
affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623)


USN-1018-1: OpenSSL vulnerability

2010/11/18 13:48:38 | Ubuntu security notices

Referenced CVEs: CVE-2010-3864

Description:

===========================================================
Ubuntu Security Notice USN-1018-1 November 18, 2010
openssl vulnerability
CVE-2010-3864
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.12

Ubuntu 9.10:
libssl0.9.8 0.9.8g-16ubuntu3.4

Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.4

Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Rob Hulswit discovered a race condition in the OpenSSL TLS server
extension parsing code when used within a threaded server. A remote
attacker could trigger this flaw to cause a denial of service
or possibly execute arbitrary code with application privileges.
(CVE-2010-3864)