Planet

USN-1025-1: Bind vulnerabilities

2010/12/2 2:41:59 | Ubuntu security notices

Referenced CVEs: CVE-2010-3613, CVE-2010-3614

Description:

===========================================================
Ubuntu Security Notice USN-1025-1 December 01, 2010
bind9 vulnerabilities
CVE-2010-3613, CVE-2010-3614
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libdns23 1:9.3.2-2ubuntu1.12

Ubuntu 8.04 LTS:
libdns36 1:9.4.2.dfsg.P2-2ubuntu0.6

Ubuntu 9.10:
libdns53 1:9.6.1.dfsg.P1-3ubuntu0.4

Ubuntu 10.04 LTS:
libdns64 1:9.7.0.dfsg.P1-1ubuntu0.1

Ubuntu 10.10:
libdns66 1:9.7.1.dfsg.P2-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Bind would incorrectly allow an ncache entry and an
rrsig for the same type. A remote attacker could exploit this to cause
Bind to crash, resulting in a denial of service. (CVE-2010-3613)

It was discovered that Bind would incorrectly mark zone data as insecure
when the zone is undergoing a key algorithm rollover. (CVE-2010-3614)


USN-1024-1: OpenJDK vulnerability

2010/12/1 0:27:33 | Ubuntu security notices

Referenced CVEs: CVE-2010-3860

Description:

===========================================================
Ubuntu Security Notice USN-1024-1 November 30, 2010
openjdk-6 vulnerability
CVE-2010-3860
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
icedtea6-plugin 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jdk 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jre 6b18-1.8.3-0ubuntu1~8.04.2
openjdk-6-jre-headless 6b18-1.8.3-0ubuntu1~8.04.2

Ubuntu 9.10:
icedtea6-plugin 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jdk 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jre 6b18-1.8.3-0ubuntu1~9.10.1
openjdk-6-jre-headless 6b18-1.8.3-0ubuntu1~9.10.1

Ubuntu 10.04 LTS:
icedtea6-plugin 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jdk 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jre 6b20-1.9.2-0ubuntu1~10.04.1
openjdk-6-jre-headless 6b20-1.9.2-0ubuntu1~10.04.1

Ubuntu 10.10:
icedtea6-plugin 6b20-1.9.2-0ubuntu1
openjdk-6-jdk 6b20-1.9.2-0ubuntu1
openjdk-6-jre 6b20-1.9.2-0ubuntu1
openjdk-6-jre-headless 6b20-1.9.2-0ubuntu1

After a standard system update you need to restart any Java services,
applications or applets to make all the necessary changes.

Details follow:

It was discovered that certain system property information was being
leaked, which could allow an attacker to obtain sensitive information.


USN-1023-1: Linux kernel vulnerabilities

2010/11/30 10:23:58 | Ubuntu security notices

Referenced CVEs: CVE-2010-3848, CVE-2010-3849, CVE-2010-3850

Description:

===========================================================
Ubuntu Security Notice USN-1023-1 November 30, 2010
linux, linux-{ec2,source-2.6.15} vulnerabilities
CVE-2010-3848, CVE-2010-3849, CVE-2010-3850
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.90
linux-image-2.6.15-55-686 2.6.15-55.90
linux-image-2.6.15-55-amd64-generic 2.6.15-55.90
linux-image-2.6.15-55-amd64-k8 2.6.15-55.90
linux-image-2.6.15-55-amd64-server 2.6.15-55.90
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.90
linux-image-2.6.15-55-hppa32 2.6.15-55.90
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.90
linux-image-2.6.15-55-hppa64 2.6.15-55.90
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.90
linux-image-2.6.15-55-itanium 2.6.15-55.90
linux-image-2.6.15-55-itanium-smp 2.6.15-55.90
linux-image-2.6.15-55-k7 2.6.15-55.90
linux-image-2.6.15-55-mckinley 2.6.15-55.90
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.90
linux-image-2.6.15-55-powerpc 2.6.15-55.90
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.90
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.90
linux-image-2.6.15-55-server 2.6.15-55.90
linux-image-2.6.15-55-server-bigiron 2.6.15-55.90
linux-image-2.6.15-55-sparc64 2.6.15-55.90
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.90

Ubuntu 8.04 LTS:
linux-image-2.6.24-28-386 2.6.24-28.81
linux-image-2.6.24-28-generic 2.6.24-28.81
linux-image-2.6.24-28-hppa32 2.6.24-28.81
linux-image-2.6.24-28-hppa64 2.6.24-28.81
linux-image-2.6.24-28-itanium 2.6.24-28.81
linux-image-2.6.24-28-lpia 2.6.24-28.81
linux-image-2.6.24-28-lpiacompat 2.6.24-28.81
linux-image-2.6.24-28-mckinley 2.6.24-28.81
linux-image-2.6.24-28-openvz 2.6.24-28.81
linux-image-2.6.24-28-powerpc 2.6.24-28.81
linux-image-2.6.24-28-powerpc-smp 2.6.24-28.81
linux-image-2.6.24-28-powerpc64-smp 2.6.24-28.81
linux-image-2.6.24-28-rt 2.6.24-28.81
linux-image-2.6.24-28-server 2.6.24-28.81
linux-image-2.6.24-28-sparc64 2.6.24-28.81
linux-image-2.6.24-28-sparc64-smp 2.6.24-28.81
linux-image-2.6.24-28-virtual 2.6.24-28.81
linux-image-2.6.24-28-xen 2.6.24-28.81

Ubuntu 9.10:
linux-image-2.6.31-22-386 2.6.31-22.69
linux-image-2.6.31-22-generic 2.6.31-22.69
linux-image-2.6.31-22-generic-pae 2.6.31-22.69
linux-image-2.6.31-22-ia64 2.6.31-22.69
linux-image-2.6.31-22-lpia 2.6.31-22.69
linux-image-2.6.31-22-powerpc 2.6.31-22.69
linux-image-2.6.31-22-powerpc-smp 2.6.31-22.69
linux-image-2.6.31-22-powerpc64-smp 2.6.31-22.69
linux-image-2.6.31-22-server 2.6.31-22.69
linux-image-2.6.31-22-sparc64 2.6.31-22.69
linux-image-2.6.31-22-sparc64-smp 2.6.31-22.69
linux-image-2.6.31-22-virtual 2.6.31-22.69
linux-image-2.6.31-307-ec2 2.6.31-307.22

Ubuntu 10.04 LTS:
linux-image-2.6.32-26-386 2.6.32-26.48
linux-image-2.6.32-26-generic 2.6.32-26.48
linux-image-2.6.32-26-generic-pae 2.6.32-26.48
linux-image-2.6.32-26-ia64 2.6.32-26.48
linux-image-2.6.32-26-lpia 2.6.32-26.48
linux-image-2.6.32-26-powerpc 2.6.32-26.48
linux-image-2.6.32-26-powerpc-smp 2.6.32-26.48
linux-image-2.6.32-26-powerpc64-smp 2.6.32-26.48
linux-image-2.6.32-26-preempt 2.6.32-26.48
linux-image-2.6.32-26-server 2.6.32-26.48
linux-image-2.6.32-26-sparc64 2.6.32-26.48
linux-image-2.6.32-26-sparc64-smp 2.6.32-26.48
linux-image-2.6.32-26-versatile 2.6.32-26.48
linux-image-2.6.32-26-virtual 2.6.32-26.48
linux-image-2.6.32-310-ec2 2.6.32-310.21

Ubuntu 10.10:
linux-image-2.6.35-23-generic 2.6.35-23.41
linux-image-2.6.35-23-generic-pae 2.6.35-23.41
linux-image-2.6.35-23-omap 2.6.35-23.41
linux-image-2.6.35-23-powerpc 2.6.35-23.41
linux-image-2.6.35-23-powerpc-smp 2.6.35-23.41
linux-image-2.6.35-23-powerpc64-smp 2.6.35-23.41
linux-image-2.6.35-23-server 2.6.35-23.41
linux-image-2.6.35-23-versatile 2.6.35-23.41
linux-image-2.6.35-23-virtual 2.6.35-23.41

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces.


Ubuntu 10.10 Countdown Party @Taipei 101

2010/11/28 19:25:00 | 凍仁的 Ubuntu 筆記
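Besides being Double Tenth National Day, October 10 was, for 凍仁, also the big day of the Ubuntu 10.10 release. This time I was lucky enough to attend the Countdown Party at the Canonical Taiwan Office, and it may also be the last time it can be held at Canonical Taiwan in Taipei 101: the venue for this event, "Meeting Room B?", will be converted to other uses, which I believe also shows that Canonical Taiwan is growing more and more.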


Powered by Austin Tuan

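Ubuntu 10.10 was reportedly released at 10:10 UK time, which is 06:10 Taiwan time. I was glad to get together with like-minded friends on this day. Quite a few of them could not wait and downloaded Ubuntu 10.10 right there at Canonical, which left 凍仁 unable to get online. Here are the slides that should have been posted long ago: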

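This time I only briefly tried out unity. Perhaps because the machines I had on hand were not powerful enough, it only ran fairly smoothly on my workstation at the office. The current technology needs a computer with a more powerful CPU, yet the reason 凍仁 switched to Linux was that it uses fewer resources than Vista.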

# The font used in the slides is Ubuntu-Title, which is built into Ubuntu 10.04; it seems to differ from the Ubuntu font in Ubuntu 10.10.

Related links:
[Event news] Ubuntu 10.10 release countdown party at 101 | Ubuntu 正體中文站
Ubuntu tip: instant Google lookup inside any document | Alfred's Cave

Installing jdownloader from a PPA source [10.04,10.10]

2010/11/28 16:30:00 | 手把手玩Ubuntu
The handy cross-platform download software introduced at the beginning of the year –...



Click the title to read more :)


USN-1022-1: APR-util vulnerability

2010/11/25 22:35:03 | Ubuntu security notices

Referenced CVEs: CVE-2010-1623

Description:

===========================================================
Ubuntu Security Notice USN-1022-1 November 25, 2010
apr-util vulnerability
CVE-2010-1623
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libaprutil1 1.2.12+dfsg-3ubuntu0.3

Ubuntu 9.10:
libaprutil1 1.3.9+dfsg-1ubuntu1.1

Ubuntu 10.04 LTS:
libaprutil1 1.3.9+dfsg-3ubuntu0.10.04.1

Ubuntu 10.10:
libaprutil1 1.3.9+dfsg-3ubuntu0.10.10.1

After a standard system update you need to restart any applications using
APR-util, such as Subversion and Apache, to make all the necessary changes.

Details follow:

It was discovered that APR-util did not properly handle memory when
destroying APR buckets. An attacker could exploit this and cause a denial
of service via memory exhaustion.


USN-1021-1: Apache vulnerabilities

2010/11/25 22:27:10 | Ubuntu security notices

Referenced CVEs: CVE-2010-1452, CVE-2010-1623

Description:

===========================================================
Ubuntu Security Notice USN-1021-1 November 25, 2010
apache2 vulnerabilities
CVE-2010-1452, CVE-2010-1623
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.12

Ubuntu 8.04 LTS:
apache2.2-common 2.2.8-1ubuntu0.19

Ubuntu 9.10:
apache2.2-common 2.2.12-1ubuntu2.4

Ubuntu 10.04 LTS:
apache2.2-common 2.2.14-5ubuntu8.4

Ubuntu 10.10:
apache2.2-common 2.2.16-1ubuntu3.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Apache's mod_cache and mod_dav modules incorrectly
handled requests that lacked a path. A remote attacker could exploit this
with a crafted request and cause a denial of service. This issue affected
Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452)

It was discovered that Apache did not properly handle memory when
destroying APR buckets. A remote attacker could exploit this with crafted
requests and cause a denial of service via memory exhaustion. This issue
affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623)


[Blogger] Penguin Blog Pet

2010/11/23 18:39:00 | 凍仁的 Ubuntu 筆記
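I don't know when it started, but 凍仁 has come to like penguins; there are even 4 plush toys sitting next to 凍仁's desktop PC at home. I also found this soothing blog pet with the search keywords "penguin+sticky note-Korea-clothes".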



As for why the extra "-Korea"? That is because of the recent Korea taekwondo Asian Games controversy.

Source:
Blog pet: Penguin Family - luckydenny

New Chewing Progress Report 8

2010/11/22 23:34:00 | Jserv's blog
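"I would rather be the least of men with dreams and the desire to fulfill them, than the greatest of men with no dreams and no desires." After finishing the evening's chores, with the keyboard still clattering, I recalled these famous words of Gibran. I remember experimenting with an iPaq ten years ago, running PocketLinux, marveling at the performance of the StrongARM core clocked as high as 200 MHz and thinking myself truly lucky; now the iPad, built on a 45 nm process and clocked as high as 1 GHz, can be seen everywhere, and I just feel that my mindset has not yet adjusted, even though I know this is the inevitable result of Moore's law. Software, however, has not progressed so visibly. As far as Chinese input methods are concerned, most can be said to be in a state of "doing the same old tricks"; for someone who was intermittently modifying the Chewing input method code in 2001 and is still sporadically maintaining it in 2010, one cannot help but sigh a little. Is input method development just the same old thing, forever reinventing the wheel? Not necessarily. As mentioned in the earlier post [Prototype of a handwriting version of the Chewing input method], as users gradually adopt mobile devices, a design is needed that is easy to write with and that lets the input method engine (that is, the "Language Engine" or "IM Engine") easily step in. Existing smartphones, such as Android and iPhone, all provide a full-screen handwriting mechanism, so implementing a simple, easy-to-use scheme like "why not recognize the Zhuyin symbols directly and then feed them into the New Chewing input method engine for character prediction?" is quite feasible and also injects new development momentum. [New Chewing Progress Report 7] from two years ago discussed the current...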

USN-1018-1: OpenSSL vulnerability

2010/11/18 13:48:38 | Ubuntu security notices

Referenced CVEs: CVE-2010-3864

Description:

===========================================================
Ubuntu Security Notice USN-1018-1 November 18, 2010
openssl vulnerability
CVE-2010-3864
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.12

Ubuntu 9.10:
libssl0.9.8 0.9.8g-16ubuntu3.4

Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.4

Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Rob Hulswit discovered a race condition in the OpenSSL TLS server
extension parsing code when used within a threaded server. A remote
attacker could trigger this flaw to cause a denial of service
or possibly execute arbitrary code with application privileges.
(CVE-2010-3864)