Ubuntu Security Notices


USN-1358-1: PHP vulnerabilities

Ubuntu Security Notice USN-1358-1

9th February, 2012

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS
Summary

Multiple vulnerabilities in PHP.

Software description
  • php5 - HTML-embedded scripting language interpreter
Details

It was discovered that PHP computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters. (CVE-2011-4885)

ATTENTION: this update changes previous PHP behavior by
limiting the number of external input variables to 1000.
This may be increased by adding a "max_input_vars"
directive to the php.ini configuration file. See
http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
for more information.

Stefan Esser discovered that the fix to address the predictable hash
collision issue, CVE-2011-4885, did not properly handle the situation
where the limit was reached. This could allow a remote attacker to
cause a denial of service or execute arbitrary code via a request
containing a large number of variables. (CVE-2012-0830)

It was discovered that PHP did not always check the return value of
the zend_strndup function. This could allow a remote attacker to
cause a denial of service. (CVE-2011-4153)

It was discovered that PHP did not properly enforce libxslt security
settings. This could allow a remote attacker to create arbitrary
files via a crafted XSLT stylesheet that uses the libxslt output
extension. (CVE-2012-0057)

It was discovered that PHP did not properly enforce that PDORow
objects could neither be serialized nor saved in a session. A
remote attacker could use this to cause a denial of service via an
application crash. (CVE-2012-0788)

It was discovered that PHP allowed the magic_quotes_gpc setting to
be disabled remotely. This could allow a remote attacker to bypass
restrictions that could prevent an SQL injection. (CVE-2012-0831)

USN 1126-1 addressed an issue where the /etc/cron.d/php5 cron job
for PHP allowed local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. Emese Revfy discovered
that the fix had not been applied to PHP for Ubuntu 10.04 LTS. This
update corrects the issue. We apologize for the error. (CVE-2011-0441)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
php5-cli 5.3.6-13ubuntu3.5
php5-cgi 5.3.6-13ubuntu3.5
php5-common 5.3.6-13ubuntu3.5
php5-xsl 5.3.6-13ubuntu3.5
php5 5.3.6-13ubuntu3.5
libapache2-mod-php5 5.3.6-13ubuntu3.5
Ubuntu 11.04:
php5-cli 5.3.5-1ubuntu7.6
php5-cgi 5.3.5-1ubuntu7.6
php5-common 5.3.5-1ubuntu7.6
php5-xsl 5.3.5-1ubuntu7.6
php5 5.3.5-1ubuntu7.6
libapache2-mod-php5 5.3.5-1ubuntu7.6
Ubuntu 10.10:
php5-cli 5.3.3-1ubuntu9.9
php5-cgi 5.3.3-1ubuntu9.9
php5-common 5.3.3-1ubuntu9.9
php5-xsl 5.3.3-1ubuntu9.9
php5 5.3.3-1ubuntu9.9
libapache2-mod-php5 5.3.3-1ubuntu9.9
Ubuntu 10.04 LTS:
php5-cli 5.3.2-1ubuntu4.13
php5-cgi 5.3.2-1ubuntu4.13
php5-common 5.3.2-1ubuntu4.13
php5-xsl 5.3.2-1ubuntu4.13
php5 5.3.2-1ubuntu4.13
libapache2-mod-php5 5.3.2-1ubuntu4.13
Ubuntu 8.04 LTS:
php5-cli 5.2.4-2ubuntu5.22
php5-cgi 5.2.4-2ubuntu5.22
php5-common 5.2.4-2ubuntu5.22
php5-xsl 5.2.4-2ubuntu5.22
php5 5.2.4-2ubuntu5.22
libapache2-mod-php5 5.2.4-2ubuntu5.22

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-0441, CVE-2011-4153, CVE-2011-4885, CVE-2012-0057, CVE-2012-0788, CVE-2012-0830, CVE-2012-0831

USN-1357-1: OpenSSL vulnerabilities

Ubuntu Security Notice USN-1357-1

9th February, 2012

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS
Summary

Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.

Software description
  • openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Details

It was discovered that the elliptic curve cryptography (ECC) subsystem
in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm
(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement
curves over binary fields. This could allow an attacker to determine
private keys via a timing attack. This issue only affected Ubuntu 8.04
LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)

Adam Langley discovered that the ephemeral Elliptic Curve
Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread
safety while processing handshake messages from clients. This
could allow a remote attacker to cause a denial of service via
out-of-order messages that violate the TLS protocol. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu
11.04. (CVE-2011-3210)

Nadhem Alfardan and Kenny Paterson discovered that the Datagram
Transport Layer Security (DTLS) implementation in OpenSSL performed a
MAC check only if certain padding is valid. This could allow a remote
attacker to recover plaintext. (CVE-2011-4108)

Antonio Martin discovered that a flaw existed in the fix to address
CVE-2011-4108, the DTLS MAC check failure. This could allow a remote
attacker to cause a denial of service. (CVE-2012-0050)

Ben Laurie discovered a double free vulnerability in OpenSSL that could
be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This
could allow a remote attacker to cause a denial of service. This
issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
and Ubuntu 11.04. (CVE-2011-4109)

It was discovered that OpenSSL, in certain circumstances involving
ECDH or ECDHE cipher suites, used an incorrect modular reduction
algorithm in its implementation of the P-256 and P-384 NIST elliptic
curves. This could allow a remote attacker to obtain the private
key of a TLS server via multiple handshake attempts. This issue only
affected Ubuntu 8.04 LTS. (CVE-2011-4354)

Adam Langley discovered that the SSL 3.0 implementation in OpenSSL
did not properly initialize data structures for block cipher
padding. This could allow a remote attacker to obtain sensitive
information. (CVE-2011-4576)

Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,
could trigger an assert when handling an X.509 certificate containing
certificate-extension data associated with IP address blocks or
Autonomous System (AS) identifiers. This could allow a remote attacker
to cause a denial of service. (CVE-2011-4577)

Adam Langley discovered that the Server Gated Cryptography (SGC)
implementation in OpenSSL did not properly handle handshake
restarts. This could allow a remote attacker to cause a denial of
service. (CVE-2011-4619)

Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL
did not properly handle invalid parameters. This could allow a remote
attacker to cause a denial of service via crafted data from a TLS
client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
libssl1.0.0 1.0.0e-2ubuntu4.2
openssl 1.0.0e-2ubuntu4.2
Ubuntu 11.04:
libssl0.9.8 0.9.8o-5ubuntu1.2
openssl 0.9.8o-5ubuntu1.2
Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.6
openssl 0.9.8o-1ubuntu4.6
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.8
openssl 0.9.8k-7ubuntu8.8
Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.15
openssl 0.9.8g-4ubuntu3.15

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0050

USN-1350-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-1350-1

8th February, 2012

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

Several security issues were fixed in Thunderbird.

Software description
  • thunderbird - Mozilla Open Source mail and newsgroup client
Details

Jesse Ruderman and Bob Clary discovered memory safety issues affecting
Thunderbird. If the user were tricked into opening a specially crafted
page, an attacker could exploit these to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Thunderbird. (CVE-2012-0442)

It was discovered that Thunderbird did not properly handle node removal in
the DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2011-3659)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Thunderbird. (CVE-2012-0444)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Thunderbird can crash due to memory corruption.
If the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-0449)

Gregory Fleischer discovered that requests using IPv6 hostname syntax
through certain proxies might generate errors. An attacker might be able to
use this to read sensitive data from the error messages. (CVE-2011-3670)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:
thunderbird 3.1.18+build2+nobinonly-0ubuntu0.11.04.1
Ubuntu 10.10:
thunderbird 3.1.18+build2+nobinonly-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
thunderbird 3.1.18+build2+nobinonly-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449

USN-1353-1: Xulrunner vulnerabilities

Ubuntu Security Notice USN-1353-1

8th February, 2012

xulrunner-1.9.2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

Several security issues were fixed in Xulrunner.

Software description
  • xulrunner-1.9.2 - Mozilla Gecko runtime environment
Details

Jesse Ruderman and Bob Clary discovered memory safety issues affecting the
Gecko Browser engine. If the user were tricked into opening a specially
crafted page, an attacker could exploit these to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Xulrunner. (CVE-2012-0442)

It was discovered that the Gecko Browser engine did not properly handle
node removal in the DOM. If the user were tricked into opening a specially
crafted page, an attacker could exploit this to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Xulrunner. (CVE-2011-3659)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Xulrunner. (CVE-2012-0444)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Xulrunner can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Xulrunner.
(CVE-2012-0449)

Gregory Fleischer discovered that requests using IPv6 hostname syntax
through certain proxies might generate errors. An attacker might be able to
use this to read sensitive data from the error messages. (CVE-2011-3670)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.10:
xulrunner-1.9.2 1.9.2.26+build2+nobinonly-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
xulrunner-1.9.2 1.9.2.26+build2+nobinonly-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Yelp or any other
application based on Xulrunner to make all the necessary changes.

References

CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449

USN-1356-1: Linux kernel (OMAP4) vulnerabilities

Ubuntu Security Notice USN-1356-1

6th February, 2012

linux-ti-omap4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.04
Summary

Several security issues were fixed in the kernel.

Software description
  • linux-ti-omap4 - Linux kernel for OMAP4
Details

A flaw was discovered in the XFS filesystem. If a local user mounts a
specially crafted XFS image, it could potentially execute arbitrary code on
the system. (CVE-2012-0038)

Chen Haogang discovered an integer overflow that could result in memory
corruption. A local unprivileged user could use this to crash the system.
(CVE-2012-0044)

A flaw was found in the Linux kernel's IPv4 IGMP query processing. A remote
attacker could exploit this to cause a denial of service. (CVE-2012-0207)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:
linux-image-2.6.38-1209-omap4 2.6.38-1209.21

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0038, CVE-2012-0044, CVE-2012-0207

USN-1355-3: ubufox and webfav update

Ubuntu Security Notice USN-1355-3

3rd February, 2012

ubufox and webfav update

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

This update provides compatible ubufox and webfav packages for the latest Firefox.

Software description
  • ubufox - Ubuntu Firefox specific configuration defaults and apt support
  • webfav - Firefox extension for saving web favorites (bookmarks)
Details

USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated
ubufox and webfav packages for use with the latest Firefox.

Original advisory details:

It was discovered that if a user chose to export their Firefox Sync key
the "Firefox Recovery Key.html" file is saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)

Tim Abraldes discovered that when encoding certain image types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)

It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)

It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)

Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)

Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.10:
xul-ext-webfav 1.17-0ubuntu4.1
xul-ext-ubufox 0.9.3-0ubuntu0.10.10.3
Ubuntu 10.04 LTS:
xul-ext-webfav 1.17-0ubuntu3.1
xul-ext-ubufox 0.9.3-0ubuntu0.10.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 923319

USN-1355-2: Mozvoikko update

Ubuntu Security Notice USN-1355-2

3rd February, 2012

mozvoikko update

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

This update provides compatible Mozvoikko packages for the latest Firefox.

Software description
  • mozvoikko - Finnish spell-checker extension for Firefox
Details

USN-1355-1 fixed vulnerabilities in Firefox. This update provides an
updated Mozvoikko package for use with the latest Firefox.

Original advisory details:

It was discovered that if a user chose to export their Firefox Sync key
the "Firefox Recovery Key.html" file is saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)

Tim Abraldes discovered that when encoding certain image types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)

It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)

It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)

Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)

Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
xul-ext-mozvoikko 2.0.1-0ubuntu0.11.10.1
Ubuntu 11.04:
xul-ext-mozvoikko 2.0.1-0ubuntu0.11.04.1
Ubuntu 10.10:
xul-ext-mozvoikko 2.0.1-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
xul-ext-mozvoikko 2.0.1-0ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

LP: 923319

USN-1355-1: Firefox vulnerabilities

Ubuntu Security Notice USN-1355-1

3rd February, 2012

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

Several security issues were fixed in Firefox.

Software description
  • firefox - Mozilla Open Source web browser
Details

It was discovered that if a user chose to export their Firefox Sync key
the "Firefox Recovery Key.html" file is saved with incorrect permissions,
making the file contents potentially readable by other users.
(CVE-2012-0450)

Nicolas Gregoire and Aki Helin discovered that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to memory corruption. If
the user were tricked into opening a specially crafted page, an attacker
could exploit this to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-0449)

It was discovered that memory corruption could occur during the decoding of
Ogg Vorbis files. If the user were tricked into opening a specially crafted
file, an attacker could exploit this to cause a denial of service via
application crash, or potentially execute code with the privileges of the
user invoking Firefox. (CVE-2012-0444)

Tim Abraldes discovered that when encoding certain image types the
resulting data was always a fixed size. There is the possibility of
sensitive data from uninitialized memory being appended to these images.
(CVE-2012-0447)

It was discovered that Firefox did not properly perform XPConnect security
checks. An attacker could exploit this to conduct cross-site scripting
(XSS) attacks through web pages and Firefox extensions. With cross-site
scripting vulnerabilities, if a user were tricked into viewing a specially
crafted page, a remote attacker could exploit this to modify the contents,
or steal confidential data, within the same domain. (CVE-2012-0446)

It was discovered that Firefox did not properly handle node removal in the
DOM. If the user were tricked into opening a specially crafted page, an
attacker could exploit this to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Firefox. (CVE-2011-3659)

Alex Dvorov discovered that Firefox did not properly handle sub-frames in
form submissions. An attacker could exploit this to conduct phishing
attacks using HTML5 frames. (CVE-2012-0445)

Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse
Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0442,
CVE-2012-0443)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
firefox 10.0+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 10.0+build1-0ubuntu0.11.04.1
Ubuntu 10.10:
firefox 10.0+build1-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
firefox 10.0+build1-0ubuntu0.10.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0450, LP: 923319

USN-1354-1: usbmuxd vulnerability

Ubuntu Security Notice USN-1354-1

1st February, 2012

usbmuxd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
Summary

usbmuxd could be made to crash or run programs if it received specially crafted input.

Software description
  • usbmuxd - USB multiplexor daemon for iPhone and iPod Touch devices
Details

It was discovered that usbmuxd did not correctly perform bounds checking
when processing the SerialNumber field of USB devices. An attacker with
physical access could use this to crash usbmuxd or potentially execute
arbitrary code as the 'usbmux' user.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
libusbmuxd1 1.0.7-1ubuntu0.11.10.1
Ubuntu 11.04:
libusbmuxd1 1.0.7-1ubuntu0.11.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0065

USN-1352-1: Software Properties vulnerability

Ubuntu Security Notice USN-1352-1

31st January, 2012

software-properties vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

Software Properties could be tricked into installing arbitrary PPA GPG keys.

Software description
  • software-properties - manage the repositories that you install software from
Details

David Black discovered that Software Properties incorrectly validated
server certificates when performing secure connections to download PPA GPG
key fingerprints. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
python-software-properties 0.81.13.3
Ubuntu 11.04:
python-software-properties 0.80.9.1
Ubuntu 10.10:
python-software-properties 0.76.7.1
Ubuntu 10.04 LTS:
python-software-properties 0.75.10.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4407

USN-1351-1: AccountsService vulnerability

Ubuntu Security Notice USN-1351-1

31st January, 2012

accountsservice vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
Summary

AccountsService could be made to overwrite files as the administrator.

Software description
  • accountsservice - query and manipulate user account information
Details

Hayawardh Vijayakumar discovered that AccountsService incorrectly handled
privileges when modifying the language settings on Ubuntu. A local attacker
could exploit this issue to modify arbitrary files, and possibly create a
denial of service or obtain increased privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
accountsservice 0.6.14-1git1ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4406

USN-1349-1: X.Org vulnerability

Ubuntu Security Notice USN-1349-1

26th January, 2012

xorg vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

X could be made to start by a user who lacked appropriate permissions.

Software description
  • xorg - X.Org X Window System
Details

It was discovered that the X wrapper incorrectly checked certain console
permissions when launched by unprivileged users. An attacker connected
remotely could use this flaw to start X, bypassing the console permissions
check.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
xserver-xorg 1:7.6+7ubuntu7.1
Ubuntu 11.04:
xserver-xorg 1:7.6+4ubuntu3.2
Ubuntu 10.10:
xserver-xorg 1:7.5+6ubuntu3.1
Ubuntu 10.04 LTS:
xserver-xorg 1:7.5+5ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4613

USN-1348-1: ICU vulnerability

Ubuntu Security Notice USN-1348-1

26th January, 2012

icu vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

ICU could be made to crash or run programs as your login if it opened specially crafted data.

Software description
  • icu - International Components for Unicode library
Details

It was discovered that ICU did not properly handle invalid locale data
during Unicode conversion. If an application using ICU processed crafted
data, an attacker could cause it to crash or potentially execute arbitrary
code with the privileges of the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
libicu44 4.4.2-2ubuntu0.11.10.1
Ubuntu 11.04:
libicu44 4.4.2-2ubuntu0.11.04.1
Ubuntu 10.10:
libicu42 4.2.1-3ubuntu0.10.10.1
Ubuntu 10.04 LTS:
libicu42 4.2.1-3ubuntu0.10.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4599

USN-1342-1: Linux kernel (Oneiric backport) vulnerability

Ubuntu Security Notice USN-1342-1

25th January, 2012

linux-lts-backport-oneiric vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
Summary

The system could be made to run programs as an administrator.

Software description
  • linux-lts-backport-oneiric - Linux kernel backport from Oneiric
Details

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem
permissions. A local attacker could exploit this and gain root privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:
linux-image-3.0.0-15-server 3.0.0-15.26~lucid1
linux-image-3.0.0-15-generic 3.0.0-15.26~lucid1
linux-image-3.0.0-15-virtual 3.0.0-15.26~lucid1
linux-image-3.0.0-15-generic-pae 3.0.0-15.26~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0056

USN-1347-1: Evince vulnerability

Ubuntu Security Notice USN-1347-1

25th January, 2012

evince vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

Evince could be made to crash or run programs as your login if it opened a specially crafted file.

Software description
  • evince - Document viewer
Details

It was discovered that Evince did not properly parse AFM font files when
processing DVI files. If a user were tricked into opening a specially
crafted DVI file, an attacker could cause Evince to crash or potentially
execute arbitrary code with the privileges of the user invoking the
program.

In the default installation, attackers would be isolated by the Evince
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:
libevdocument3 2.32.0-0ubuntu12.4
Ubuntu 10.10:
libevdocument3 2.32.0-0ubuntu1.2
Ubuntu 10.04 LTS:
libevdocument2 2.30.3-0ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2011-0433

USN-1263-2: OpenJDK 6 regression

Ubuntu Security Notice USN-1263-2

24th January, 2012

openjdk-6, openjdk-6b18 regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
Summary

USN-1263-1 caused a regression when using OpenJDK 6's SSL/TLS implementation.

Software description
  • openjdk-6 - Open Source Java implementation
  • openjdk-6b18 - Open Source Java implementation
Details

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for
the chosen plaintext attack on the block-wise AES encryption algorithm
(CVE-2011-3389) introduced a regression that caused TLS/SSL connections
to fail when using certain algorithms. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)
implementation in the IcedTea web browser plugin. This could allow a
remote attacker to open connections to certain hosts that should
not be permitted. (CVE-2011-3377)

Juliano Rizzo and Thai Duong discovered that the block-wise AES
encryption algorithm as used in TLS/SSL was vulnerable to
a chosen-plaintext attack. This could allow a remote attacker to view
confidential data. (CVE-2011-3389)

It was discovered that a type confusion flaw existed in
the Internet Inter-Orb Protocol (IIOP) deserialization code. A
remote attacker could use this to cause an untrusted application
or applet to execute arbitrary code by deserializing malicious
input. (CVE-2011-3521)

It was discovered that the Java scripting engine did not perform
SecurityManager checks. This could allow a remote attacker to cause
an untrusted application or applet to execute arbitrary code with
the full privileges of the JVM. (CVE-2011-3544)

It was discovered that the InputStream class used a global buffer to
store input bytes skipped. An attacker could possibly use this to gain
access to sensitive information. (CVE-2011-3547)

It was discovered that a vulnerability existed in the AWTKeyStroke
class. A remote attacker could cause an untrusted application or applet
to execute arbitrary code. (CVE-2011-3548)

It was discovered that an integer overflow vulnerability existed
in the TransformHelper class in the Java2D implementation. A remote
attacker could use this to cause a denial of service via an application
or applet crash or possibly execute arbitrary code. (CVE-2011-3551)

It was discovered that the default number of available UDP sockets for
applications running under SecurityManager restrictions was set too
high. A remote attacker could use this with a malicious application or
applet to exhaust the number of available UDP sockets to cause a denial
of service for other applets or applications running within the same
JVM. (CVE-2011-3552)

It was discovered that Java API for XML Web Services (JAX-WS) could
incorrectly expose a stack trace. A remote attacker could potentially
use this to gain access to sensitive information. (CVE-2011-3553)

It was discovered that the unpacker for pack200 JAR files did not
sufficiently check for errors. An attacker could cause a denial of
service or possibly execute arbitrary code through a specially crafted
pack200 JAR file. (CVE-2011-3554)

It was discovered that the RMI registration implementation did not
properly restrict privileges of remotely executed code. A remote
attacker could use this to execute code with elevated privileges.
(CVE-2011-3556, CVE-2011-3557)

It was discovered that the HotSpot VM could be made to crash, allowing
an attacker to cause a denial of service or possibly leak sensitive
information. (CVE-2011-3558)

It was discovered that the HttpsURLConnection class did not
properly perform SecurityManager checks in certain situations. This
could allow a remote attacker to bypass restrictions on HTTPS
connections. (CVE-2011-3560)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10.1
icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10.1
openjdk-6-jre 6b23~pre11-0ubuntu1.11.10.1
openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10.1
openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10.1
openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10.1
Ubuntu 11.04:
icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.2
icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.2
openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.2
openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.2
openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.2
openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.2
Ubuntu 10.10:
openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.3
openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.3
icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.3
openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.3
openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.3
Ubuntu 10.04 LTS:
openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.3
openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.3
icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.3
openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.3
openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java applications
or applets to make all the necessary changes.

References

LP: 891761

USN-1346-1: curl vulnerability

Ubuntu Security Notice USN-1346-1

24th January, 2012

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
Summary

curl could be tricked into injecting arbitrary data if it handled a malicious URL.

Software description
  • curl - HTTP, HTTPS, and FTP client and client libraries
Details

Dan Fandrich discovered that curl incorrectly handled URLs containing
embedded or percent-encoded control characters. If a user or automated
system were tricked into processing a specially crafted URL, arbitrary
data could be injected.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
libcurl3-nss 7.21.6-3ubuntu3.2
libcurl3-gnutls 7.21.6-3ubuntu3.2
libcurl3 7.21.6-3ubuntu3.2
Ubuntu 11.04:
libcurl3-nss 7.21.3-1ubuntu1.5
libcurl3-gnutls 7.21.3-1ubuntu1.5
libcurl3 7.21.3-1ubuntu1.5
Ubuntu 10.10:
libcurl3-gnutls 7.21.0-1ubuntu1.3
libcurl3 7.21.0-1ubuntu1.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-0036

USN-1345-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-1345-1

24th January, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.04
Summary

Several security issues were fixed in the kernel.

Software description
  • linux - Linux kernel
Details

Peter Huewe discovered an information leak in the handling of reading
security-related TPM data. A local, unprivileged user could read the
results of a previous TPM command. (CVE-2011-1162)

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.04:
linux-image-2.6.38-13-powerpc 2.6.38-13.54
linux-image-2.6.38-13-powerpc64-smp 2.6.38-13.54
linux-image-2.6.38-13-generic-pae 2.6.38-13.54
linux-image-2.6.38-13-versatile 2.6.38-13.54
linux-image-2.6.38-13-generic 2.6.38-13.54
linux-image-2.6.38-13-virtual 2.6.38-13.54
linux-image-2.6.38-13-server 2.6.38-13.54
linux-image-2.6.38-13-omap 2.6.38-13.54
linux-image-2.6.38-13-powerpc-smp 2.6.38-13.54

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-1162, CVE-2011-2203, CVE-2011-4110

USN-1344-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-1344-1

24th January, 2012

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
Summary

Several security issues were fixed in the kernel.

Software description
  • linux - Linux kernel
Details

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker
could exploit this to cause a kernel oops. (CVE-2011-2203)

A flaw was found in how the Linux kernel handles user-defined key types. An
unprivileged local user could exploit this to crash the system.
(CVE-2011-4110)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.04 LTS:
linux-image-2.6.32-38-powerpc 2.6.32-38.83
linux-image-2.6.32-38-386 2.6.32-38.83
linux-image-2.6.32-38-sparc64 2.6.32-38.83
linux-image-2.6.32-38-generic-pae 2.6.32-38.83
linux-image-2.6.32-38-preempt 2.6.32-38.83
linux-image-2.6.32-38-lpia 2.6.32-38.83
linux-image-2.6.32-38-sparc64-smp 2.6.32-38.83
linux-image-2.6.32-38-powerpc64-smp 2.6.32-38.83
linux-image-2.6.32-38-versatile 2.6.32-38.83
linux-image-2.6.32-38-generic 2.6.32-38.83
linux-image-2.6.32-38-virtual 2.6.32-38.83
linux-image-2.6.32-38-server 2.6.32-38.83
linux-image-2.6.32-38-powerpc-smp 2.6.32-38.83
linux-image-2.6.32-38-ia64 2.6.32-38.83

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2011-2203, CVE-2011-4110

USN-1343-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-1343-1

24th January, 2012

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
Summary

Several security issues were fixed in Thunderbird.

Software description
  • thunderbird - Mozilla Open Source mail and newsgroup client
Details

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler,
David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia
Knous, and Robert Longson discovered several memory safety issues which
could possibly be exploited to crash Thunderbird or execute arbitrary code
as the user that invoked Thunderbird. (CVE-2011-3660)

Aki Helin discovered a crash in the YARR regular expression library that
could be triggered by JavaScript in web content. (CVE-2011-3661)

It was discovered that a flaw in the Mozilla SVG implementation could
result in an out-of-bounds memory access if SVG elements were removed
during a DOMAttrModified event handler. An attacker could potentially
exploit this vulnerability to crash Thunderbird. (CVE-2011-3658)

Mario Heiderich discovered it was possible to use SVG animation accessKey
events to detect key strokes even when JavaScript was disabled. A malicious
web page could potentially exploit this to trick a user into interacting
with a prompt thinking it came from Thunderbird in a context where the user
believed scripting was disabled. (CVE-2011-3663)

It was discovered that it was possible to crash Thunderbird when scaling an
OGG <video> element to extreme sizes. (CVE-2011-3665)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
thunderbird 9.0+build2-0ubuntu0.11.10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665, LP: 909599