Planet
USN-1056-1: OpenOffice.org vulnerabilities
2011/2/3 6:31:33 | Ubuntu security notices
Referenced CVEs:
CVE-2010-2935, CVE-2010-2936, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643
Description:
===========================================================
Ubuntu Security Notice USN-1056-1 February 02, 2011
openoffice.org vulnerabilities
CVE-2010-2935, CVE-2010-2936, CVE-2010-3450, CVE-2010-3451,
CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689,
CVE-2010-4253, CVE-2010-4643
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
openoffice.org-core 1:2.4.1-1ubuntu2.5
openoffice.org-impress 1:2.4.1-1ubuntu2.5
openoffice.org-writer 1:2.4.1-1ubuntu2.5
Ubuntu 9.10:
openoffice.org-core 1:3.1.1-5ubuntu1.3
openoffice.org-impress 1:3.1.1-5ubuntu1.3
openoffice.org-writer 1:3.1.1-5ubuntu1.3
Ubuntu 10.04 LTS:
openoffice.org-core 1:3.2.0-7ubuntu4.2
openoffice.org-impress 1:3.2.0-7ubuntu4.2
openoffice.org-writer 1:3.2.0-7ubuntu4.2
Ubuntu 10.10:
openoffice.org-core 1:3.2.1-7ubuntu1.1
openoffice.org-impress 1:3.2.1-7ubuntu1.1
openoffice.org-writer 1:3.2.1-7ubuntu1.1
In general, a standard system update will make all the necessary changes.
Details follow:
Charlie Miller discovered several heap overflows in PPT processing. If
a user or automated system were tricked into opening a specially crafted
PPT document, a remote attacker could execute arbitrary code with user
privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936)
Marc Schoenefeld discovered that directory traversal was not correctly
handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system
were tricked into opening a specially crafted document, a remote attacker
could overwrite arbitrary files, possibly leading to arbitrary code execution
with user privileges. (CVE-2010-3450)
Dan Rosenberg discovered multiple heap overflows in RTF and DOC
processing. If a user or automated system were tricked into opening a
specially crafted RTF or DOC document, a remote attacker could execute
arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452,
CVE-2010-3453, CVE-2010-3454)
Dmitri Gribenko discovered that OpenOffice.org did not correctly
handle LD_LIBRARY_PATH in various tools. If a local attacker
tricked a user or automated system into using OpenOffice.org from an
attacker-controlled directory, they could execute arbitrary code with
user privileges. (CVE-2010-3689)
Marc Schoenefeld discovered that OpenOffice.org did not correctly process
PNG images. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could execute arbitrary
code with user privileges. (CVE-2010-4253)
It was discovered that OpenOffice.org did not correctly process TGA
images. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could execute arbitrary
code with user privileges. (CVE-2010-4643)
USN-1054-1: Linux kernel vulnerabilities
2011/2/2 7:25:34 | Ubuntu security notices
Referenced CVEs:
CVE-2010-0435, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249
Description:
===========================================================
Ubuntu Security Notice USN-1054-1 February 01, 2011
linux, linux-ec2 vulnerabilities
CVE-2010-0435, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-28-386 2.6.32-28.55
linux-image-2.6.32-28-generic 2.6.32-28.55
linux-image-2.6.32-28-generic-pae 2.6.32-28.55
linux-image-2.6.32-28-ia64 2.6.32-28.55
linux-image-2.6.32-28-lpia 2.6.32-28.55
linux-image-2.6.32-28-powerpc 2.6.32-28.55
linux-image-2.6.32-28-powerpc-smp 2.6.32-28.55
linux-image-2.6.32-28-powerpc64-smp 2.6.32-28.55
linux-image-2.6.32-28-preempt 2.6.32-28.55
linux-image-2.6.32-28-server 2.6.32-28.55
linux-image-2.6.32-28-sparc64 2.6.32-28.55
linux-image-2.6.32-28-sparc64-smp 2.6.32-28.55
linux-image-2.6.32-28-versatile 2.6.32-28.55
linux-image-2.6.32-28-virtual 2.6.32-28.55
linux-image-2.6.32-312-ec2 2.6.32-312.24
Ubuntu 10.10:
linux-image-2.6.35-25-generic 2.6.35-25.44
linux-image-2.6.35-25-generic-pae 2.6.35-25.44
linux-image-2.6.35-25-omap 2.6.35-25.44
linux-image-2.6.35-25-powerpc 2.6.35-25.44
linux-image-2.6.35-25-powerpc-smp 2.6.35-25.44
linux-image-2.6.35-25-powerpc64-smp 2.6.35-25.44
linux-image-2.6.35-25-server 2.6.35-25.44
linux-image-2.6.35-25-versatile 2.6.35-25.44
linux-image-2.6.35-25-virtual 2.6.35-25.44
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain
privileged operations. A local attacker with access to a guest kernel
could exploit this to crash the host system, leading to a denial of
service. (CVE-2010-0435)
Steve Chen discovered that setsockopt did not correctly check MSS values.
A local attacker could make a specially crafted socket call to crash
the system, leading to a denial of service. (CVE-2010-4165)
Dave Jones discovered that the mprotect system call did not correctly
handle merged VMAs. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4169)
Vegard Nossum discovered that memory garbage collection was not
handled correctly for active sockets. A local attacker could exploit
this to allocate all available kernel memory, leading to a denial of
service. (CVE-2010-4249)
USN-1055-1: OpenJDK vulnerabilities
2011/2/2 6:07:22 | Ubuntu security notices
Referenced CVEs:
CVE-2010-4351, CVE-2011-0025
Description:
===========================================================
Ubuntu Security Notice USN-1055-1 February 01, 2011
openjdk-6, openjdk-6b18 vulnerabilities
CVE-2010-4351, CVE-2011-0025
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
icedtea6-plugin 6b20-1.9.5-0ubuntu1~9.10.1
Ubuntu 10.04 LTS:
icedtea6-plugin 6b20-1.9.5-0ubuntu1~10.04.1
Ubuntu 10.10:
icedtea6-plugin 6b20-1.9.5-0ubuntu1
After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.
Details follow:
It was discovered that IcedTea for Java did not properly verify
signatures when handling multiply signed or partially signed JAR files,
allowing an attacker to cause code to execute that appeared to come
from a verified source. (CVE-2011-0025)
USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu
10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures
except for the armel (ARM) architecture. This update provides the
corresponding update for Ubuntu 10.10 on the armel (ARM) architecture.
Original advisory details:
It was discovered that the JNLP SecurityManager in IcedTea for Java
OpenJDK in some instances failed to properly apply the intended
security policy in its checkPermission method. This could allow
an attacker to execute code with privileges that should have been
prevented. (CVE-2010-4351)
USN-1053-1: Subversion vulnerabilities
2011/2/1 22:20:54 | Ubuntu security notices
Referenced CVEs:
CVE-2007-2448, CVE-2010-3315, CVE-2010-4539, CVE-2010-4644
Description:
===========================================================
Ubuntu Security Notice USN-1053-1 February 01, 2011
subversion vulnerabilities
CVE-2007-2448, CVE-2010-3315, CVE-2010-4539, CVE-2010-4644
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libapache2-svn 1.3.1-3ubuntu1.3
libsvn0 1.3.1-3ubuntu1.3
Ubuntu 8.04 LTS:
libapache2-svn 1.4.6dfsg1-2ubuntu1.2
libsvn1 1.4.6dfsg1-2ubuntu1.2
Ubuntu 9.10:
libapache2-svn 1.6.5dfsg-1ubuntu1.1
libsvn1 1.6.5dfsg-1ubuntu1.1
Ubuntu 10.04 LTS:
libapache2-svn 1.6.6dfsg-2ubuntu1.1
libsvn1 1.6.6dfsg-2ubuntu1.1
Ubuntu 10.10:
libapache2-svn 1.6.12dfsg-1ubuntu1.1
libsvn1 1.6.12dfsg-1ubuntu1.1
After a standard system update you need to restart any applications that
use Subversion, such as Apache when using mod_dav_svn, to make all the
necessary changes.
Details follow:
It was discovered that Subversion incorrectly handled certain 'partial
access' privileges in rare scenarios. Remote authenticated users could use
this flaw to obtain sensitive information (revision properties). This issue
only applied to Ubuntu 6.06 LTS. (CVE-2007-2448)
It was discovered that the Subversion mod_dav_svn module for Apache did not
properly handle a named repository as a rule scope. Remote authenticated
users could use this flaw to bypass intended restrictions. This issue only
applied to Ubuntu 9.10, 10.04 LTS, and 10.10. (CVE-2010-3315)
It was discovered that the Subversion mod_dav_svn module for Apache
incorrectly handled the walk function. Remote authenticated users could use
this flaw to cause the service to crash, leading to a denial of service.
(CVE-2010-4539)
It was discovered that Subversion incorrectly handled certain memory
operations. Remote authenticated users could use this flaw to consume large
quantities of memory and cause the service to crash, leading to a denial of
service. This issue only applied to Ubuntu 9.10, 10.04 LTS, and 10.10.
(CVE-2010-4644)
Hatsune Miku covers Rokushin Gattai (六神合体)
2011/1/28 22:48:00 | 魔法設計的藝術
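Last year, watching this brought back some very old memories.... Rokushin Gattai is my favorite Chogokin robot anime of all the ones I have seen, and its theme song is the only one from the anime I watched in kindergarten that I still hum as an adult (original song). Then, when the Soul of Chogokin Rokushin Gattai was reissued at the end of the year, I splurged on it. I have also always enjoyed the many stop-motion animations shot with Chogokin toys on age35II-san's channel, but for some reason age35II had not made anything new for almost three months. Recently I looked closely at the subtitles of the channel's featured video, the elmo one, and found out that it was because a family member was in hospital, so he could not make videos for the time being. To thank him for promoting the new edition of the "Bandai" (笨呆) Rokushin Gattai XD, I rearranged and remade this opening theme, sung by Hatsune Miku. I made the song more modern, more electronic, heavier and fuller, and put a lot of effort into reworking the instrumentation, adjusting the timbres, and even using instruments to create some mechanical sound effects. When mixing this track I used thirty-some tracks, which is a huge number. Making music on Linux has an advantage, namely that there is this great thing called compiz: because of the multiple desktops, I can stretch a single window extra long, across three desktops, which makes the work easier. Here is a shot of it spread out, clear at a glance. I love Rokushin Gattai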
FireFox 4 First Experience (1)
2011/1/28 20:54:00 | 手把手玩Ubuntu
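People say, "Treat hardship as nourishment," so do I always go looking for hardship myself? Taking the opportunity of an unexpected error after updating FireFox 3 (actually I was just too lazy to sort it out), I finally made up my mind to be a guinea pig once again. I am also writing down the installation notes along the way, in case my early-onset forgetfulness strikes again.
My impression of the new version is that it really runs quite fast; opening Plurk, the Greasemonkey RePlurk...
Click the title to read more :)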
USN-1052-1: OpenJDK vulnerability
2011/1/27 7:46:54 | Ubuntu security notices
Referenced CVEs:
CVE-2010-4351
Description:
===========================================================
Ubuntu Security Notice USN-1052-1 January 26, 2011
openjdk-6, openjdk-6b18 vulnerability
CVE-2010-4351
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
icedtea6-plugin 6b20-1.9.4-0ubuntu1~9.10.1
Ubuntu 10.04 LTS:
icedtea6-plugin 6b20-1.9.4-0ubuntu1~10.04.1
Ubuntu 10.10:
icedtea6-plugin 6b20-1.9.4-0ubuntu1
After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.
Details follow:
It was discovered that the JNLP SecurityManager in IcedTea for Java
OpenJDK in some instances failed to properly apply the intended
security policy in its checkPermission method. This could allow an
attacker to execute code with privileges that should have been prevented.
(CVE-2010-4351)
USN-1051-1: HPLIP vulnerability
2011/1/26 4:58:02 | Ubuntu security notices
Referenced CVEs:
CVE-2010-4267
Description:
===========================================================
Ubuntu Security Notice USN-1051-1 January 25, 2011
hplip vulnerability
CVE-2010-4267
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
hplip 2.8.2-0ubuntu8.2
Ubuntu 9.10:
hplip 3.9.8-1ubuntu2.1
Ubuntu 10.04 LTS:
hplip 3.10.2-2ubuntu2.2
Ubuntu 10.10:
hplip 3.10.6-1ubuntu10.2
In general, a standard system update will make all the necessary changes.
Details follow:
Sebastian Krahmer discovered that HPLIP incorrectly handled certain long
SNMP responses. A remote attacker could send malicious SNMP replies to
certain HPLIP tools and cause them to crash or possibly execute arbitrary
code.
USN-1048-1: Tomcat vulnerability
2011/1/24 21:55:35 | Ubuntu security notices
Referenced CVEs:
CVE-2010-4172
Description:
===========================================================
Ubuntu Security Notice USN-1048-1 January 24, 2011
tomcat6 vulnerability
CVE-2010-4172
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
tomcat6-admin 6.0.20-2ubuntu2.3
Ubuntu 10.04 LTS:
tomcat6-admin 6.0.24-2ubuntu1.6
Ubuntu 10.10:
tomcat6-admin 6.0.28-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Tomcat did not properly escape certain parameters in
the Manager application which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data (such as
passwords), within the same domain.
USN-1047-1: AWStats vulnerability
2011/1/24 21:25:25 | Ubuntu security notices
Referenced CVEs:
CVE-2010-4369
Description:
===========================================================
Ubuntu Security Notice USN-1047-1 January 24, 2011
awstats vulnerability
CVE-2010-4369
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
awstats 6.5-1ubuntu1.4
Ubuntu 8.04 LTS:
awstats 6.7.dfsg-1ubuntu0.2
Ubuntu 9.10:
awstats 6.9~dfsg-1ubuntu3.9.10.1
Ubuntu 10.04 LTS:
awstats 6.9~dfsg-1ubuntu3.10.04.1
Ubuntu 10.10:
awstats 6.9.5~dfsg-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that AWStats did not correctly filter the LoadPlugin
configuration option. A local attacker on a shared system could use this
to inject arbitrary code into AWStats.