Linux FEUP

Ubuntu Security Notice USN-1442-1

16th May, 2012

sudo vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Sudo could allow users to run arbitrary programs as the administrator.

Software description

• sudo - Provide limited super user privileges to specific users

Details

It was discovered that sudo incorrectly handled network masks when using Host
and Host_List. A local user who is listed in sudoers may be allowed to run
commands on unintended hosts when IPv4 network masks are used to grant access.
A local attacker could exploit this to bypass intended access restrictions. Host
and Host_List are not used in the default installation of Ubuntu.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

sudo-ldap 1.8.3p1-1ubuntu3.2

sudo 1.8.3p1-1ubuntu3.2

Ubuntu 11.10:

sudo-ldap 1.7.4p6-1ubuntu2.1

sudo 1.7.4p6-1ubuntu2.1

Ubuntu 11.04:

sudo-ldap 1.7.4p4-5ubuntu7.2

sudo 1.7.4p4-5ubuntu7.2

Ubuntu 10.04 LTS:

sudo-ldap 1.7.2p1-1ubuntu5.4

sudo 1.7.2p1-1ubuntu5.4

Ubuntu 8.04 LTS:

sudo-ldap 1.6.9p10-1ubuntu3.9

sudo 1.6.9p10-1ubuntu3.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2337

Ubuntu Security Notice USN-1441-1

15th May, 2012

quagga vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Quagga could be made to crash if it received specially crafted network traffic.

Software description

• quagga - BGP/OSPF/RIP routing daemon

Details

It was discovered that Quagga incorrectly handled Link State Update
messages with invalid lengths. A remote attacker could use this flaw to
cause Quagga to crash, resulting in a denial of service. (CVE-2012-0249,
CVE-2012-0250)

It was discovered that Quagga incorrectly handled messages with a malformed
Four-octet AS Number Capability. A remote attacker could use this flaw to
cause Quagga to crash, resulting in a denial of service. (CVE-2012-0255)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

quagga 0.99.20.1-0ubuntu0.12.04.2

Ubuntu 11.10:

quagga 0.99.20.1-0ubuntu0.11.10.2

Ubuntu 11.04:

quagga 0.99.20.1-0ubuntu0.11.04.2

Ubuntu 10.04 LTS:

quagga 0.99.20.1-0ubuntu0.10.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Quagga to make
all the necessary changes.

References

CVE-2012-0249, CVE-2012-0250, CVE-2012-0255

Ubuntu Security Notice USN-1440-1

8th May, 2012

linux-lts-backport-natty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-natty - Linux kernel backport from Natty

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's ext4 file system when mounting a
corrupt filesystem. A user-assisted remote attacker could exploit this flaw
to cause a denial of service. (CVE-2012-2100)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.38-15-generic 2.6.38-15.59~lucid1

linux-image-2.6.38-15-virtual 2.6.38-15.59~lucid1

linux-image-2.6.38-15-generic-pae 2.6.38-15.59~lucid1

linux-image-2.6.38-15-server 2.6.38-15.59~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100

Ubuntu Security Notice USN-1432-1

8th May, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

A flaw was found in the Linux kernel's ext4 file system when mounting a
corrupt filesystem. A user-assisted remote attacker could exploit this flaw
to cause a denial of service. (CVE-2012-2100)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

linux-image-2.6.38-15-powerpc 2.6.38-15.59

linux-image-2.6.38-15-omap 2.6.38-15.59

linux-image-2.6.38-15-generic-pae 2.6.38-15.59

linux-image-2.6.38-15-server 2.6.38-15.59

linux-image-2.6.38-15-powerpc64-smp 2.6.38-15.59

linux-image-2.6.38-15-virtual 2.6.38-15.59

linux-image-2.6.38-15-versatile 2.6.38-15.59

linux-image-2.6.38-15-generic 2.6.38-15.59

linux-image-2.6.38-15-powerpc-smp 2.6.38-15.59

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2012-1090, CVE-2012-2100

Ubuntu Security Notice USN-1439-1

7th May, 2012

horizon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS

Summary

Horizon could be made to expose sensitive information over the network.

Software description

• horizon - Web interface for OpenStack cloud infrastructure

Details

Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability
in Horizon via the log viewer refrash mechanism. If a user were tricked
into viewing a specially crafted log message, a remote attacker could
exploit this to modify the contents or steal confidential data within the
same domain. (CVE-2012-2094)

Thomas Biege discovered a session fixation vulnerability in Horizon. An
attacker could exploit this to potentially allow access to unauthorized
information and capabilities. (CVE-2012-2144)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

python-django-horizon 2012.1-0ubuntu8.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2094, CVE-2012-2144

Ubuntu Security Notice USN-1437-1

4th May, 2012

php5 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server.

Software description

• php5 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP, when used as a stand alone CGI processor
for the Apache Web Server, did not properly parse and filter query
strings. This could allow a remote attacker to execute arbitrary code
running with the privilege of the web server. Configurations using
mod_php5 and FastCGI were not vulnerable.

This update addresses the issue when the PHP CGI interpreter
is configured using mod_cgi and mod_actions as described in
/usr/share/doc/php5-cgi/README.Debian.gz; however, if an alternate
configuration is used to enable PHP CGI processing, it should be
reviewed to ensure that command line arguments cannot be passed to
the PHP interpreter. Please see CVE-2012-2311 for more details and
potential mitigation approaches.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

php5-cgi 5.3.10-1ubuntu3.1

Ubuntu 11.10:

php5-cgi 5.3.6-13ubuntu3.7

Ubuntu 11.04:

php5-cgi 5.3.5-1ubuntu7.8

Ubuntu 10.04 LTS:

php5-cgi 5.3.2-1ubuntu4.15

Ubuntu 8.04 LTS:

php5-cgi 5.2.4-2ubuntu5.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1823, CVE-2012-2311

Ubuntu Security Notice USN-1430-3

4th May, 2012

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

• thunderbird - Mozilla Open Source mail and newsgroup client

Details

USN-1430-1 fixed vulnerabilities in Firefox. This update provides the
corresponding fixes for Thunderbird.

Original advisory details:

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 websites. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection is
possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
(CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2011-3062)

Daniel Divricean discovered a defect in the error handling of JavaScript
errors can potentially leak the file names and location of JavaScript files
on a server. This could potentially lead to inadvertent information
disclosure and a vector for further attacks. (CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox handled
RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused
the location bar to be updated with the address of this content, while the
main window still displays the previously loaded content. An attacker could
potentially exploit this vulnerability to conduct phishing attacks.
(CVE-2012-0479)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

thunderbird 12.0.1+build1-0ubuntu0.12.04.1

Ubuntu 11.10:

thunderbird 12.0.1+build1-0ubuntu0.11.10.1

Ubuntu 11.04:

thunderbird 12.0.1+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:

thunderbird 12.0.1+build1-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2011-1187, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479, LP: 987305

Ubuntu Security Notice USN-1438-1

3rd May, 2012

nova vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10

Summary

Nova could be made to crash the system under certain conditions.

Software description

• nova - OpenStack Compute cloud infrastructure

Details

Dan Prince discovered that Nova did not enforce quotas for security groups
and rules added to security groups. An authenticated user could exploit
this to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

python-nova 2012.1-0ubuntu2.1

Ubuntu 11.10:

python-nova 2011.3-0ubuntu6.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2101

Ubuntu Security Notice USN-1436-1

2nd May, 2012

libtasn1-3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Libtasn1 could be made to crash or run programs as your login if it received specially crafted input.

Software description

• libtasn1-3 - Library to manage ASN.1 structures

Details

Matthew Hall discovered that Libtasn1 incorrectly handled certain large
values. An attacker could exploit this with a specially crafted ASN.1
structure and cause a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

libtasn1-3 2.10-1ubuntu1.1

Ubuntu 11.10:

libtasn1-3 2.9-4ubuntu0.1

Ubuntu 11.04:

libtasn1-3 2.7-1ubuntu1.1

Ubuntu 10.04 LTS:

libtasn1-3 2.4-1ubuntu0.1

Ubuntu 8.04 LTS:

libtasn1-3 1.1-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-1569

Ubuntu Security Notice USN-1433-1

1st May, 2012

linux-lts-backport-oneiric vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-lts-backport-oneiric - Linux kernel backport from Oneiric

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's handling of paged memory. A local
unprivileged user, or a privileged user within a KVM guest, could exploit
this flaw to crash the system. (CVE-2012-1179)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-3.0.0-19-generic-pae 3.0.0-19.33~lucid1

linux-image-3.0.0-19-server 3.0.0-19.33~lucid1

linux-image-3.0.0-19-generic 3.0.0-19.33~lucid1

linux-image-3.0.0-19-virtual 3.0.0-19.33~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179

Ubuntu Security Notice USN-1431-1

30th April, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

A flaw was found in the Linux's kernels ext4 file system when mounted with
a journal. A local, unprivileged user could exploit this flaw to cause a
denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local
attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's handling of paged memory. A local
unprivileged user, or a privileged user within a KVM guest, could exploit
this flaw to crash the system. (CVE-2012-1179)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

linux-image-3.0.0-19-generic-pae 3.0.0-19.33

linux-image-3.0.0-19-powerpc 3.0.0-19.33

linux-image-3.0.0-19-server 3.0.0-19.33

linux-image-3.0.0-19-omap 3.0.0-19.33

linux-image-3.0.0-19-generic 3.0.0-19.33

linux-image-3.0.0-19-powerpc-smp 3.0.0-19.33

linux-image-3.0.0-19-powerpc64-smp 3.0.0-19.33

linux-image-3.0.0-19-virtual 3.0.0-19.33

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179

Ubuntu Security Notice USN-1435-1

1st May, 2012

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file.

Software description

• imagemagick - Image manipulation programs and library

Details

Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick
incorrectly handled certain ResolutionUnit tags. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service or
possibly execute code with the privileges of the user invoking the program.
(CVE-2012-0247, CVE-2012-1185)

Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick
incorrectly handled certain IFD structures. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service.
(CVE-2012-0248, CVE-2012-1186)

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that
ImageMagick incorrectly handled certain JPEG EXIF tags. If a user or
automated system using ImageMagick were tricked into opening a specially
crafted image, an attacker could exploit this to cause a denial of service.
(CVE-2012-0259)

It was discovered that ImageMagick incorrectly handled certain JPEG EXIF
tags. If a user or automated system using ImageMagick were tricked into
opening a specially crafted image, an attacker could exploit this to cause
a denial of service or possibly execute code with the privileges of the
user invoking the program. (CVE-2012-1610)

Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that
ImageMagick incorrectly handled certain TIFF EXIF tags. If a user or
automated system using ImageMagick were tricked into opening a specially
crafted image, an attacker could exploit this to cause a denial of service
or possibly execute code with the privileges of the user invoking the
program. (CVE-2012-1798)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

libmagick++4 8:6.6.9.7-5ubuntu3.1

imagemagick 8:6.6.9.7-5ubuntu3.1

Ubuntu 11.10:

imagemagick 8:6.6.0.4-3ubuntu1.1

libmagick++3 8:6.6.0.4-3ubuntu1.1

Ubuntu 11.04:

imagemagick 7:6.6.2.6-1ubuntu4.1

libmagick++3 7:6.6.2.6-1ubuntu4.1

Ubuntu 10.04 LTS:

imagemagick 7:6.5.7.8-1ubuntu1.2

libmagick++2 7:6.5.7.8-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0247, CVE-2012-0248, CVE-2012-0259, CVE-2012-1185, CVE-2012-1186, CVE-2012-1610, CVE-2012-1798

Ubuntu Security Notice USN-1434-1

1st May, 2012

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Samba could allow a user to gain administrative privileges to the Samba server.

Software description

• samba - SMB/CIFS file, print, and login server for Unix

Details

Ivano Cristofolini discovered that Samba incorrectly handled some Local
Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated
attacker could exploit this to grant administrative privileges to arbitrary
users. The administrative privileges could be used to bypass permission checks
performed by the Samba server.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

samba 2:3.6.3-2ubuntu2.1

Ubuntu 11.10:

samba 2:3.5.11~dfsg-1ubuntu2.3

Ubuntu 11.04:

samba 2:3.5.8~dfsg-1ubuntu2.5

Ubuntu 10.04 LTS:

samba 2:3.4.7~dfsg-1ubuntu3.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you may need to review the privileges of Samba
user accounts.

References

CVE-2012-2111

Ubuntu Security Notice USN-1430-2

27th April, 2012

ubufox update

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

This update provides compatible ubufox packages for the latest Firefox.

Software description

• ubufox - Ubuntu Firefox specific configuration defaults and apt support

Details

USN-1430-1 fixed vulnerabilities in Firefox. This update provides an
updated ubufox package for use with the latest Firefox.

Original advisory details:

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 websites. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection is
possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
(CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2011-3062)

Daniel Divricean discovered a defect in the error handling of JavaScript
errors can potentially leak the file names and location of JavaScript files
on a server. This could potentially lead to inadvertent information
disclosure and a vector for further attacks. (CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox handled
RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused
the location bar to be updated with the address of this content, while the
main window still displays the previously loaded content. An attacker could
potentially exploit this vulnerability to conduct phishing attacks.
(CVE-2012-0479)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

xul-ext-ubufox 1.0.4-0ubuntu1

Ubuntu 11.04:

xul-ext-ubufox 0.9.5-0ubuntu1

Ubuntu 10.04 LTS:

xul-ext-ubufox 0.9.5-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 987262

Ubuntu Security Notice USN-1430-1

27th April, 2012

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.04 LTS
• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in Firefox.

Software description

• firefox - Mozilla Open Source web browser

Details

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)

Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)

Atte Kettunen discovered that invalid frees cause heap corruption in
gfxImageSurface. If a user were tricked into opening a malicious Scalable
Vector Graphics (SVG) image file, an attacker could exploit these to cause
a denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-0470)

Anne van Kesteren discovered a potential cross-site scripting (XSS)
vulnerability via multibyte content processing errors. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0471)

Matias Juntunen discovered a vulnerability in Firefox's WebGL
implementation that potentially allows the reading of illegal video memory.
An attacker could possibly exploit this to cause a denial of service via
application crash. (CVE-2012-0473)

Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox
allowed the address bar to display a different website than the one the
user was visiting. This could potentially leave the user vulnerable to
cross-site scripting (XSS) attacks. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2012-0474)

Simone Fabiano discovered that Firefox did not always send correct origin
headers when connecting to an IPv6 websites. An attacker could potentially
use this to bypass intended access controls. (CVE-2012-0475)

Masato Kinugawa discovered that cross-site scripting (XSS) injection is
possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
(CVE-2012-0477)

It was discovered that certain images rendered using WebGL could cause
Firefox to crash. If the user were tricked into opening a specially crafted
page, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0478)

Mateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2011-3062)

Daniel Divricean discovered a defect in the error handling of JavaScript
errors can potentially leak the file names and location of JavaScript files
on a server. This could potentially lead to inadvertent information
disclosure and a vector for further attacks. (CVE-2011-1187)

Jeroen van der Gun discovered a vulnerability in the way Firefox handled
RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused
the location bar to be updated with the address of this content, while the
main window still displays the previously loaded content. An attacker could
potentially exploit this vulnerability to conduct phishing attacks.
(CVE-2012-0479)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:

firefox 12.0+build1-0ubuntu0.12.04.1

Ubuntu 11.10:

firefox 12.0+build1-0ubuntu0.11.10.1

Ubuntu 11.04:

firefox 12.0+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:

firefox 12.0+build1-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2011-1187, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479, LP: 987262

Ubuntu Security Notice USN-1429-1

26th April, 2012

jetty vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.04
• Ubuntu 10.04 LTS

Summary

Jetty could be made to hang or crash if it received specially crafted network traffic.

Software description

• jetty - Java servlet engine and webserver

Details

It was discovered that Jetty computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:

libjetty-java 6.1.24-6ubuntu0.11.04.1

Ubuntu 10.04 LTS:

libjetty-java 6.1.22-1ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4461

Ubuntu Security Notice USN-1428-1

24th April, 2012

openssl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.

Software description

• openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL
0.9.8. A remote attacker could trigger this flaw in services that used SSL
to cause a denial of service or possibly execute arbitrary code with
application privileges. Ubuntu 11.10 was not affected by this issue.
(CVE-2012-2131)

The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean()
to sometimes return the wrong error condition. This update fixes the
problem.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

libssl1.0.0 1.0.0e-2ubuntu4.5

Ubuntu 11.04:

libssl0.9.8 0.9.8o-5ubuntu1.5

Ubuntu 10.04 LTS:

libssl0.9.8 0.9.8k-7ubuntu8.11

Ubuntu 8.04 LTS:

libssl0.9.8 0.9.8g-4ubuntu3.18

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-2131

Ubuntu Security Notice USN-1427-1

24th April, 2012

mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.04 LTS
• Ubuntu 8.04 LTS

Summary

Several security issues were fixed in MySQL.

Software description

• mysql-5.1 - MySQL database
• mysql-dfsg-5.0 - MySQL database
• mysql-dfsg-5.1 - MySQL database

Details

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.1.62 in Ubuntu 10.04 LTS, Ubuntu 11.04 and
Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.96.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-96.html

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:

mysql-server-5.1 5.1.62-0ubuntu0.11.10.1

Ubuntu 11.04:

mysql-server-5.1 5.1.62-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:

mysql-server-5.1 5.1.62-0ubuntu0.10.04.1

Ubuntu 8.04 LTS:

mysql-server-5.0 5.0.96-0ubuntu1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 965523

Ubuntu Security Notice USN-1426-1

24th April, 2012

linux-ec2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux-ec2 - Linux kernel for EC2

Details

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-345-ec2 2.6.32-345.47

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097

Ubuntu Security Notice USN-1425-1

24th April, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

• linux - Linux kernel

Details

Sasha Levin discovered a flaw in the permission checking for device
assignments requested via the kvm ioctl in the Linux kernel. A local user
could use this flaw to crash the system causing a denial of service.
(CVE-2011-4347)

Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual
machine) subsystem of the Linux kernel. A local unprivileged user can crash
use this flaw to crash VMs causing a deny of service. (CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An
unprivileged local user could exploit this flaw to crash the system leading
to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the
system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:

linux-image-2.6.32-41-server 2.6.32-41.88

linux-image-2.6.32-41-lpia 2.6.32-41.88

linux-image-2.6.32-41-ia64 2.6.32-41.88

linux-image-2.6.32-41-generic-pae 2.6.32-41.88

linux-image-2.6.32-41-virtual 2.6.32-41.88

linux-image-2.6.32-41-386 2.6.32-41.88

linux-image-2.6.32-41-powerpc 2.6.32-41.88

linux-image-2.6.32-41-sparc64 2.6.32-41.88

linux-image-2.6.32-41-sparc64-smp 2.6.32-41.88

linux-image-2.6.32-41-powerpc-smp 2.6.32-41.88

linux-image-2.6.32-41-preempt 2.6.32-41.88

linux-image-2.6.32-41-powerpc64-smp 2.6.32-41.88

linux-image-2.6.32-41-versatile 2.6.32-41.88

linux-image-2.6.32-41-generic 2.6.32-41.88

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097