USNs for ubuntu 11.10

USN-1819-1: OpenJDK 6 vulnerabilities

Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. (CVE-2013-0401) James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to…

7 May 2013

USN-1816-1: ClamAV vulnerabilities

It was discovered that ClamAV would incorrectly parse a UPX-packed executable, leading to possible inappropriate heap reads. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2020) It was discovered that ClamAV would incorrectly parse a PDF…

3 May 2013

USN-1807-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new…

25 April 2013

USN-1804-2: IcedTea-Web regression

USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTead 7 browser plugin. This update fixes the problem. We apologize for the inconvenience. Original…

23 April 2013

USN-1804-1: IcedTea-Web vulnerabilities

Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. (CVE-2013-1926) It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR…

18 April 2013

USN-1803-1: X.Org X server vulnerability

It was discovered that the X.Org X server did not properly clear input events in certain circumstances. A local attacker with physical access could use this flaw to capture keystrokes.

17 April 2013

USN-1801-1: curl vulnerability

YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.

16 April 2013

USN-1800-1: HAProxy vulnerabilities

It was discovered that HAProxy incorrectly handled configurations where global.tune.bufsize was set to a value higher than the default. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-2942) Yves Lafon discovered that HAProxy incorrectly handled HTTP keywords in TCP inspection…

15 April 2013

USN-1791-1: Thunderbird vulnerabilities

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or…

8 April 2013

USN-1786-1: Firefox vulnerabilities

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and Mats Palmgren discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service…

4 April 2013

USN-1789-1: PostgreSQL vulnerabilities

Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server’s data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10….

4 April 2013

USN-1787-1: Linux kernel vulnerabilities

Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). (CVE-2013-0914) A memory use…

2 April 2013

USN-1785-1: poppler vulnerabilities

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program.

2 April 2013

USN-1784-1: libxslt vulnerability

Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.

2 April 2013

USN-1783-1: Bind vulnerability

Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. A remote attacker could use this flaw to cause Bind to consume an excessive amount of memory, possibly resulting in a denial of service. This issue was corrected by disabling RDATA regular expression syntax checking.

29 March 2013

USN-1782-1: libxml2 vulnerability

It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.

28 March 2013

USN-1780-1: Ruby vulnerability

Ben Murphy discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service.

25 March 2013

USN-1779-1: GNOME Online Accounts vulnerability

It was discovered that GNOME Online Accounts did not properly check SSL certificates when configuring online accounts. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise credentials and confidential information.

25 March 2013

USN-1778-1: Linux kernel (OMAP4) vulnerabilities

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel’s Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. (CVE-2013-0228) A flaw was reported in the permission checks done by the Linux kernel…

22 March 2013

USN-1773-1: ClamAV vulnerabilities

Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind discovered multiple security issues with ClamAV. An attacker could use these issues to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

21 March 2013

USN-1771-1: OpenStack Nova vulnerabilities

Loganathan Parthipan discovered that Nova did not properly validate VNC tokens after an instance was deleted. An authenticated attacker could exploit this to access other virtual machines under certain circumstances. This issue did not affect Ubuntu 11.10. (CVE-2013-0335) Vish Ishaya discovered that Nova did not always enforce quotas on…

20 March 2013

USN-1770-1: Perl vulnerability

Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl.

19 March 2013

USN-1765-1: Apache HTTP Server vulnerabilities

Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could…

18 March 2013

USN-1763-2: NSPR update

USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform …

14 March 2013

USN-1763-1: NSS vulnerability

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

14 March 2013

USN-1762-1: APT vulnerability

Ansgar Burchardt discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling InRelease file support completely. Please note that this update breaks third-party…

14 March 2013

USN-1761-1: PHP vulnerability

It was discovered that PHP incorrectly handled XML external entities in SOAP WSDL files. A remote attacker could use this flaw to read arbitrary files off the server.

13 March 2013

USN-1758-2: Thunderbird vulnerability

USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. Original advisory details: It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code…

13 March 2013

USN-1759-1: Puppet vulnerabilities

It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. (CVE-2013-1653) It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could…

12 March 2013

USN-1758-1: Firefox vulnerability

It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program.

8 March 2013

USN-1757-1: Django vulnerabilities

James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening measures to host header validation. This update…

7 March 2013

USN-1756-1: Linux kernel vulnerabilities

A failure to validate input was discovered in the Linux kernel’s Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. (CVE-2013-0216) A memory leak was discovered in the Linux kernel’s Xen netback (network backend) driver. A user in a guest OS could…

6 March 2013

USN-1755-1: OpenJDK 6 vulnerabilities

It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. (CVE-2013-0809) It was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as…

5 March 2013

USN-1729-2: Firefox regression

USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew…

1 March 2013

USN-1754-1: Sudo vulnerability

Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

28 February 2013

USN-1753-1: DBus-GLib vulnerability

Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the “NameOwnerChanged” signal was received. A local attacker could possibly use this issue to escalate their privileges.

27 February 2013

USN-1752-1: GnuTLS vulnerability

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

27 February 2013

USN-1748-1: Thunderbird vulnerabilities

Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the…

25 February 2013

USN-1747-1: Transmission vulnerability

It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

25 February 2013

USN-1746-1: Pidgin vulnerabilities

Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0271) It was discovered that Pidgin incorrectly handled long HTTP headers in…

25 February 2013

USN-1740-1: Linux kernel (OMAP4) vulnerability

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel’s ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

22 February 2013

USN-1739-1: Linux kernel vulnerability

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel’s ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

22 February 2013

USN-1735-1: OpenJDK vulnerabilities

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169) A vulnerability was discovered in the OpenJDK JRE…

21 February 2013

USN-1734-1: OpenStack Nova vulnerability

Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. (CVE-2013-1664)

21 February 2013

USN-1732-1: OpenSSL vulnerabilities

Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2012-2686) Stephen Henson discovered that OpenSSL…

21 February 2013

USN-1729-1: Firefox vulnerabilities

Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an…

20 February 2013

USN-1726-1: Linux kernel (OMAP4) vulnerabilities

It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. (CVE-2012-2669) Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can…

14 February 2013

USN-1724-1: OpenJDK vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429,…

14 February 2013

USN-1723-1: Qt vulnerabilities

Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624) Stephen Cheng…

14 February 2013

USN-1722-1: jQuery vulnerability

It was discovered that jQuery incorrectly handled selecting elements using location.hash, resulting in a possible cross-site scripting (XSS) issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within…

13 February 2013

USN-1720-1: Linux kernel vulnerabilities

It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. (CVE-2012-2669) Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can…

12 February 2013

USN-1717-1: PostgreSQL vulnerability

Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service.

12 February 2013

USN-1681-4: Firefox regression

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary…

5 February 2013

USN-1714-1: QXL graphics driver vulnerability

It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service.

5 February 2013

USN-1713-1: Squid vulnerabilities

It was discovered that squid’s cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. (CVE-2012-5643) It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a…

31 January 2013

USN-1712-1: Inkscape vulnerabilities

It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. (CVE-2012-5656) It was discovered that Inkscape attempted to open certain files from the /tmp…

30 January 2013

USN-1710-1: OpenStack Glance vulnerability

Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator’s Swift credentials for a misconfigured or otherwise unusable Swift endpoint.

29 January 2013

USN-1709-1: OpenStack Nova vulnerability

Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.

29 January 2013

USN-1707-1: libssh vulnerability

Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service.

28 January 2013

USN-1705-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

28 January 2013

USN-1681-3: Firefox regression

USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert…

22 January 2013

USN-1703-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.67 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.29. In addition to security fixes, the updated packages contain bug fixes,…

22 January 2013

USN-1701-1: Vino vulnerability

It was discovered that Vino incorrectly transmitted clipboard activity before authenticating the remote connection. A remote attacker could connect to Vino and monitor clipboard activity.

22 January 2013

USN-1695-1: RPM vulnerabilities

It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code.

17 January 2013

USN-1692-1: QEMU vulnerability

It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.

16 January 2013

USN-1691-1: Linux kernel (OMAP4) vulnerability

A flaw was discovered in the Linux kernel’s handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.

15 January 2013

USN-1689-1: Linux kernel vulnerabilities

Jon Howell reported a flaw in the Linux kernel’s KVM (Kernel-based virtual machine) subsystem’s handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. (CVE-2012-4461) A flaw was discovered in the Linux kernel’s handling of script…

15 January 2013

USN-1687-2: NSPR update

USN-1687-1 fixed a vulnerability NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

14 January 2013

USN-1687-1: NSS vulnerability

Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

14 January 2013

USN-1686-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

14 January 2013

USN-1685-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546) It was discovered that…

14 January 2013

USN-1682-1: GnuPG vulnerability

KB Sriram discovered that GnuPG incorrectly handled certain malformed keys. If a user or automated system were tricked into importing a malformed key, the GnuPG keyring could become corrupted.

9 January 2013

USN-1681-2: Thunderbird vulnerabilities

USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O’Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues…

9 January 2013

USN-1681-1: Firefox vulnerabilities

Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O’Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of…

9 January 2013

USN-1680-1: MoinMoin vulnerabilities

It was discovered that MoinMoin did not properly sanitize its input when processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write access could exploit this to overwrite arbitrary files and execute arbitrary code with the priviliges of the web server (user ‘www-data’). It was discovered that MoinMoin also did not properly…

30 December 2012

USN-1679-1: Linux kernel (OMAP4) vulnerability

A flaw was discovered in the Linux kernel’s handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

20 December 2012

USN-1677-1: Linux kernel vulnerability

A flaw was discovered in the Linux kernel’s handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.

20 December 2012

USN-1676-1: AppArmor update

Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment.

19 December 2012

USN-1674-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

19 December 2012

USN-1668-1: Apport update

Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certain variables in the apport-bug shell script.

17 December 2012

USN-1666-1: Aptdaemon vulnerability

It was discovered that Aptdaemon incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.

17 December 2012

USN-1662-1: APT vulnerability

It was discovered that APT set inappropriate permissions on the term.log file. A local attacker could use this flaw to possibly obtain sensitive information.

12 December 2012

USN-1659-1: GIMP vulnerability

It was discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

10 December 2012

USN-1658-1: MySQL vulnerability

It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code.

10 December 2012

USN-1656-1: Libxml2 vulnerability

It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.

6 December 2012

USN-1655-1: LibTIFF vulnerability

It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

5 December 2012

USN-1654-1: CUPS vulnerability

It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.

5 December 2012

USN-1638-3: Firefox regressions

USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem. Original advisory details: Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew…

3 December 2012

USN-1649-1: Linux kernel (OMAP4) vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel’s uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957) Rodrigo Freire discovered a flaw in the Linux kernel’s TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. (CVE-2012-4565) Mathias…

30 November 2012

USN-1648-1: Linux kernel vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel’s uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. (CVE-2012-0957) Rodrigo Freire discovered a flaw in the Linux kernel’s TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service. (CVE-2012-4565) Mathias…

30 November 2012

USN-1643-1: Perl vulnerabilities

It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the ‘new’ constructor in the Digest module is vulnerable to an eval injection. An attacker could use…

30 November 2012

USN-1642-1: Lynx vulnerabilities

Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810) It was discovered that…

29 November 2012

USN-1640-1: libssh vulnerabilities

Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562)

26 November 2012

USN-1638-2: ubufox update

USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory details: Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety…

21 November 2012

USN-1638-1: Firefox vulnerabilities

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of…

21 November 2012

USN-1636-1: Thunderbird vulnerabilities

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute…

21 November 2012

USN-1637-1: Tomcat vulnerabilities

It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. (CVE-2012-2733) It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to…

21 November 2012

USN-1632-2: Django regression

USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Kettle discovered Django did not properly filter the Host HTTP header when processing certain…

20 November 2012

USN-1634-1: Python Keyring vulnerabilities

Dwayne Litzenberger discovered that Python Keyring’s CryptedFileKeyring file format used weak cryptography. A local attacker may use this issue to brute-force CryptedFileKeyring keyring files. This issue only affected Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-4571) It was discovered that Python Keyring created keyring files with…

20 November 2012

USN-1632-1: Django vulnerability

James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users.

15 November 2012

USN-1631-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges….

15 November 2012

USN-1629-1: libproxy vulnerabilities

Tomas Mraz discovered that libproxy incorrectly handled certain PAC files. A remote attacker could use this issue to cause libproxy to crash, or to possibly execute arbitrary code. (CVE-2012-4504, CVE-2012-4505)

12 November 2012

USN-1628-1: Qt vulnerability

Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default.

8 November 2012

USN-1627-1: Apache HTTP Server vulnerabilities

It was discovered that the mod_negotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could…

8 November 2012

USN-1625-1: Icedtea-Web vulnerability

Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program.

7 November 2012

USN-1622-1: Munin vulnerabilities

It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10, and Ubuntu 12.04 LTS. (CVE-2012-2103) It was discovered that Munin incorrectly handled plugin state file permissions. An…

5 November 2012

USN-1621-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.66 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.28. In addition to security fixes, the updated packages contain bug fixes,…

5 November 2012

USN-1620-2: Thunderbird vulnerabilities

USN-1620-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Please note that Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. Original advisory details: Mariusz Mlynski and others discovered several flaws in Firefox that allowed a…

30 October 2012

USN-1620-1: Firefox vulnerabilities

Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2012-4194, CVE-2012-4195) Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could…

26 October 2012

USN-1619-1: OpenJDK vulnerabilities

Several information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085) Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071) Several vulnerabilities were…

26 October 2012

USN-1618-1: Exim vulnerability

It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.

26 October 2012

USN-1615-1: Python 3.2 vulnerabilities

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a…

23 October 2012

USN-1612-1: libgssglue vulnerability

It was discovered that libgssglue incorrectly handled the GSSAPI_MECH_CONF environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. (CVE-2011-2709)

15 October 2012

USN-1611-1: Thunderbird vulnerabilities

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the…

12 October 2012

USN-1609-1: Linux kernel (OMAP4) vulnerability

A flaw was found in how the Linux kernel’s KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. (CVE-2012-2137) Mathias Krause discover an error in Linux kernel’s Datagram Congestion Control…

12 October 2012

USN-1608-1: Firefox vulnerabilities

It was discovered that the browser engine used in Firefox contained a memory corruption flaw. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-4191) It was discovered that Firefox allowed improper…

11 October 2012

USN-1607-1: Linux kernel vulnerabilities

Vadim Ponomarev discovered a flaw in the Linux kernel causing a reference leak when PID namespaces are used. A remote attacker could exploit this flaw causing a denial of service. (CVE-2012-2127) A flaw was found in how the Linux kernel’s KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged…

11 October 2012

USN-1605-1: Quagga vulnerability

It was discovered that Quagga incorrectly handled certain malformed messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.

11 October 2012

USN-1604-1: MoinMoin vulnerabilities

It was discovered that MoinMoin did not properly sanitize certain input, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data,…

11 October 2012

USN-1603-1: Ruby vulnerabilities

Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)

10 October 2012

USN-1601-1: Bind vulnerability

Jake Montgomery discovered that Bind incorrectly handled certain specific combinations of RDATA. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

10 October 2012

USN-1600-1: Firefox vulnerabilities

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Firefox. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983,…

9 October 2012

USN-1596-1: Python 2.6 vulnerabilities

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automatated system…

4 October 2012

USN-1595-1: libxslt vulnerabilities

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was…

4 October 2012

USN-1576-2: DBus regressions

USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sebastian Krahmer discovered that DBus incorrectly handled environment …

4 October 2012

USN-1593-1: devscripts vulnerabilities

Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacher could possibly execute arbitrary code. (CVE-2012-0212) Raphael Geissert discovered that the dscverify tool incorrectly escaped arguments to…

2 October 2012

USN-1592-1: Python 2.7 vulnerabilities

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset…

2 October 2012

USN-1590-1: QEMU vulnerability

It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.

2 October 2012

USN-1589-1: GNU C Library vulnerabilities

It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that multiple…

2 October 2012

USN-1588-1: Software Properties vulnerability

It was discovered that the apt-add-repository tool incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.

1 October 2012

USN-1551-2: Thunderbird regressions

USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir…

28 September 2012

USN-1587-1: libxml2 vulnerability

Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

27 September 2012

USN-1586-1: Emacs vulnerabilities

Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. (CVE-2012-0035) Paul Ling discovered that Emacs incorrectly handled certain eval forms in local-variable sections. If a…

27 September 2012

USN-1585-1: FreeRADIUS vulnerability

Timo Warns discovered that FreeRADIUS incorrectly handled certain long timestamps in client certificates. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a…

26 September 2012

USN-1578-1: Linux kernel (OMAP4) vulnerabilities

Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could…

21 September 2012

USN-1576-1: DBus vulnerability

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.

20 September 2012

USN-1571-1: DHCP vulnerability

Glen Eustace discovered that the DHCP server incorrectly handled IPv6 expiration times. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. This issue only affected Ubuntu 11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3955) Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped…

18 September 2012

USN-1570-1: GnuPG vulnerability

It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a different key with a duplicate short key id.

17 September 2012

USN-1569-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a…

17 September 2012

USN-1568-1: Linux kernel vulnerabilities

Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could…

14 September 2012

USN-1566-1: Bind vulnerability

It was discovered that Bind incorrectly handled certain specially crafted long resource records. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

13 September 2012

USN-1548-2: Firefox regression

USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir…

11 September 2012

USN-1527-2: XML-RPC for C and C++ vulnerabilities

USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS. Original advisory details: It was discovered that Expat computed hash values without restricting the …

10 September 2012

USN-1560-1: Django vulnerabilities

It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3442) It was discovered that Django incorrectly handled validating certain images. A remote attacker…

10 September 2012

USN-1559-1: GIMP vulnerabilities

Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236) Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening…

10 September 2012

USN-1558-1: Linux kernel (OMAP4) vulnerability

A flaw was found in the Linux kernel’s Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372) Mathias Krause discovered an information leak in the Linux kernel’s TUN/TAP device driver. A local user could exploit this flaw to examine part of…

7 September 2012

USN-1554-1: Linux kernel vulnerability

A flaw was found in the Linux kernel’s Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372) Mathias Krause discovered an information leak in the Linux kernel’s TUN/TAP device driver. A local user could exploit this flaw to examine part of…

5 September 2012

USN-1553-1: OpenJDK 6 vulnerabilities

It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. (CVE-2012-1682) It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a…

3 September 2012

USN-1551-1: Thunderbird vulnerabilities

Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via…

30 August 2012

USN-1505-2: IcedTea-Web regression

USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update, IcedTea-Web packages were upgraded to a new version. That upgrade introduced a regression which prevented the IcedTea-Web plugin from working with the Chromium web browser in Ubuntu 11.04 and Ubuntu 11.10. This update fixes the problem. We apologize for the…

30 August 2012

USN-1548-1: Firefox vulnerabilities

Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application…

29 August 2012

USN-1547-1: libGData, evolution-data-server vulnerability

Vreixo Formoso discovered that the libGData library, as used by Evolution and other applications, did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter data transmitted via the GData protocol.

28 August 2012

USN-1546-1: libgc vulnerability

It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code.

28 August 2012

USN-1545-1: Nova vulnerability

Padraig Brady discovered that the fix for CVE-2012-3361 was incomplete and an authenticated user could still corrupt arbitrary files on the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges.

22 August 2012

USN-1544-1: ImageMagick vulnerability

Tom Lane discovered that ImageMagick would not always properly allocate memory. If a user or automated system using ImageMagick were tricked into opening a specially crafted PNG image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

22 August 2012

USN-1542-1: PostgreSQL vulnerabilities

Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. (CVE-2012-3488) Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database users…

21 August 2012

USN-1543-1: Config-IniFiles vulnerability

It was discovered that the perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files.

20 August 2012

USN-1482-3: ClamAV regression

USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a…

16 August 2012

USN-1541-1: libotr vulnerability

Justin Ferguson discovered multiple heap overflows in libotr. A remote attacker could use this to craft a malformed OTR message that could cause a denial of service via application crash or possibly execute arbitrary code.

16 August 2012

USN-1540-1: NSS vulnerability

Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash.

16 August 2012

USN-1536-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

13 August 2012

USN-1533-1: Linux kernel vulnerabilities

An error was discovered in the Linux kernel’s network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136) Ulrich Obergfell discovered an…

10 August 2012

USN-1532-1: Linux kernel (OMAP4) vulnerabilities

An error was discovered in the Linux kernel’s network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136) Ulrich Obergfell discovered an…

10 August 2012

USN-1527-1: Expat vulnerabilities

It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that Expat did…

10 August 2012

USN-1526-1: KOffice vulnerability

It was discovered that KOffice incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

9 August 2012

USN-1523-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to gain root privileges.

6 August 2012

USN-1522-1: QEMU vulnerability

It was discovered that QEMU incorrectly handled temporary files when creating a snapshot. A local attacker could use this flaw to possibly overwrite files with root privilege, or obtain sensitive information from the guest.

2 August 2012

USN-1521-1: IcedTea-Web vulnerabilities

Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. (CVE-2012-3422) Steven Bergom and others discovered that the…

31 July 2012

USN-1520-1: Kerberos vulnerabilities

Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015) Emmanuel Bouillon discovered that the MIT krb5 Key…

31 July 2012

USN-1519-1: DHCP vulnerabilities

Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. (CVE-2012-3571) Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to…

26 July 2012

USN-1518-1: Bind vulnerability

Einar Lonn discovered that Bind incorrectly initialized the failing-query cache. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

26 July 2012

USN-1517-1: Mono vulnerabilities

It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3382) It was discovered that the Mono System.Web library…

25 July 2012

USN-1513-1: libexif vulnerabilities

Mateusz Jurczyk discovered that libexif incorrectly parsed certain malformed EXIF tags. If a user or automated system were tricked into processing a specially crafted image file, an attacker could cause libexif to crash, leading to a denial of service, or possibly obtain sensitive information. (CVE-2012-2812, CVE-2012-2813) Mateusz Jurczyk…

23 July 2012

USN-1512-1: KDE PIM vulnerability

It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.

19 July 2012

USN-1511-1: tiff vulnerability

Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

19 July 2012

USN-1509-2: ubufox update

USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the lastest Firefox. Original advisory details: Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting…

18 July 2012

USN-1510-1: Thunderbird vulnerabilities

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via…

17 July 2012

USN-1509-1: Firefox vulnerabilities

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application…

17 July 2012

USN-1505-1: OpenJDK 6 vulnerabilities

It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719) It was discovered that multiple flaws…

13 July 2012

USN-1506-1: Puppet vulnerabilities

It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. (CVE-2012-3864) It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the “Delete” method, an…

12 July 2012

USN-1503-1: Rhythmbox vulnerability

Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.

11 July 2012

USN-1500-1: Pidgin vulnerabilities

Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601) Thijs Alkemade discovered that Pidgin…

9 July 2012

USN-1499-1: Linux kernel (OMAP4) vulnerability

A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

9 July 2012

USN-1498-1: tiff vulnerabilities

It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088) It was discovered…

5 July 2012

USN-1497-1: Nova vulnerabilities

Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. (CVE-2012-3360) Pádraig Brady…

3 July 2012

USN-1495-1: LibreOffice vulnerabilities

Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-1149) Sven Jacobi discovered an integer…

2 July 2012

USN-1487-1: Linux kernel vulnerability

A flaw was discovered in the Linux kernel’s NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).

29 June 2012

USN-1484-1: PyCrypto vulnerability

It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys.

28 June 2012

USN-1485-1: AccountsService vulnerability

Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions.

28 June 2012

USN-1483-1: NetworkManager vulnerability

It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager.

27 June 2012

USN-1483-2: network-manager-applet vulnerability

USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. Original advisory details: It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This…

27 June 2012

USN-1463-4: Thunderbird vulnerabilities

USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into…

22 June 2012

USN-1463-3: Firefox regressions

USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory details: Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian…

20 June 2012

USN-1482-2: ClamAV regression

USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR…

20 June 2012

USN-1482-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. (CVE-2012-1457, CVE-2012-1459) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a…

19 June 2012

USN-1481-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-0781) It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a…

19 June 2012

USN-1480-1: Raptor vulnerability

Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user’s system or potentially execute arbitrary code with the privileges of the user…

18 June 2012

USN-1478-1: Libav vulnerabilities

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu…

18 June 2012

USN-1477-1: APT vulnerability

Georgi Guninski discovered that APT did not properly validate imported keyrings via apt-key net-update. USN-1475-1 added additional verification for imported keyrings, but it was insufficient. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects…

15 June 2012

USN-1476-1: Linux kernel (OMAP4) vulnerabilities

Andy Adamson discovered a flaw in the Linux kernel’s NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. (CVE-2011-4131) A flaw was discovered in the Linux kernel’s KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in…

15 June 2012

USN-1463-2: Unity 2D update

USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem.

15 June 2012

USN-1475-1: APT update

Georgi Guninski discovered that APT relied on GnuPG argument order and did not check GPG subkeys when validating imported keyrings via apt-key net-update. While it appears that a man-in-the-middle attacker cannot exploit this, as a hardening measure this update adjusts apt-key to validate all subkeys when checking for key collisions.

15 June 2012

USN-1466-2: Nova regression

USN 1466-1 fixed a vulnerability in Nova. The upstream patch introduced a regression when a security group granted full access and therefore the network protocol was left unset, causing an error in processing. This update fixes the issue. We apologize for the inconvenience. Original advisory details: It was discovered that, when defining…

12 June 2012

USN-1430-4: AppArmor update

USN-1430-1 fixed vulnerabilities in Firefox and USN-1430-3 fixed vulnerabilities in Thunderbird. This update provides an AppArmor package with updated abstractions for use with the latest Firefox and Thunderbird.

12 June 2012

USN-1472-1: Linux kernel vulnerabilities

Andy Adamson discovered a flaw in the Linux kernel’s NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. (CVE-2011-4131) A flaw was discovered in the Linux kernel’s KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in…

12 June 2012

USN-1467-1: MySQL vulnerabilities

It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. (CVE-2012-2122) MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10 have…

11 June 2012

USN-1466-1: Nova vulnerability

It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol (e.g. ‘TCP’) in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions.

6 June 2012

USN-1463-1: Firefox vulnerabilities

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially…

6 June 2012

USN-1465-2: Ubuntu One storage protocol update

USN-1465-1 fixed a vulnerability in the Ubuntu One Client. This update adds a required fix to the Ubuntu One storage protocol library. Original advisory details: It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle…

6 June 2012

USN-1465-1: Ubuntu One Client vulnerability

It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

6 June 2012

USN-1464-1: Ubuntu Single Sign On Client vulnerability

It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

6 June 2012

USN-1462-1: Bind vulnerabilities

Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667) It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain…

5 June 2012

USN-1461-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. (CVE-2012-2143) It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could…

5 June 2012

USN-1443-2: Update Manager vulnerability

USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Original advisory details: Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result…

4 June 2012

USN-1459-1: Linux kernel (OMAP4) vulnerabilities

A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process….

31 May 2012

USN-1456-1: Nut vulnerability

Sebastian Pohle discovered that Nut did not properly validate its input when receiving data over the network. If upsd was configured to allow connections over the network, a remote attacker could exploit this to cause a denial of service (application crash).

31 May 2012

USN-1452-1: Linux kernel vulnerabilities

A flaw was found in the Linux kernel’s KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1601) Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process….

25 May 2012

USN-1451-1: OpenSSL vulnerabilities

Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). (CVE-2012-0884) It was discovered that an integer underflow was possible when using TLS 1.1, TLS…

24 May 2012

USN-1450-1: Net-SNMP vulnerability

It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service.

23 May 2012

USN-1447-1: libxml2 vulnerability

Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

21 May 2012

USN-1446-1: Linux kernel (OMAP4) vulnerabilities

A flaw was found in the Linux’s kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086) A flaw was discovered in the Linux kernel’s cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service….

18 May 2012

USN-1444-1: BackupPC vulnerability

It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the…

17 May 2012

USN-1443-1: Update Manager vulnerabilities

It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. (CVE-2012-0948) Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when…

17 May 2012

USN-1442-1: Sudo vulnerability

It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the…

16 May 2012

USN-1441-1: Quagga vulnerabilities

It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2012-0249, CVE-2012-0250) It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote…

15 May 2012

USN-1437-1: PHP vulnerability

It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable. This update addresses the issue…

4 May 2012

USN-1430-3: Thunderbird vulnerabilities

USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user…

4 May 2012

USN-1438-1: Nova vulnerability

Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service.

3 May 2012

USN-1436-1: Libtasn1 vulnerability

Matthew Hall discovered that Libtasn1 incorrectly handled certain large values. An attacker could exploit this with a specially crafted ASN.1 structure and cause a denial of service, or possibly execute arbitrary code.

2 May 2012

USN-1435-1: ImageMagick vulnerabilities

Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the…

1 May 2012

USN-1434-1: Samba vulnerability

Ivano Cristofolini discovered that Samba incorrectly handled some Local Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated attacker could exploit this to grant administrative privileges to arbitrary users. The administrative privileges could be used to bypass permission checks performed by the Samba server.

1 May 2012

USN-1431-1: Linux kernel vulnerabilities

A flaw was found in the Linux’s kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086) Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to…

1 May 2012

USN-1430-2: ubufox update

USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory details: Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting…

27 April 2012

USN-1430-1: Firefox vulnerabilities

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or…

27 April 2012

USN-1428-1: OpenSSL vulnerability

It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. (CVE-2012-2131) The original upstream fix for CVE-2012-2110…

24 April 2012

USN-1427-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.62 in Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.96. In addition to security fixes, the updated packages contain bug fixes, new features, and…

24 April 2012

USN-1424-1: OpenSSL vulnerabilities

It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165) Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER…

19 April 2012

USN-1423-1: Samba vulnerability

Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. (CVE-2012-1182)

13 April 2012

USN-1420-1: NVIDIA graphics drivers vulnerability

It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to possibly gain root privileges.

11 April 2012

USN-1419-1: Puppet vulnerabilities

It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. (CVE-2012-1906) It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this to read arbitrary files. (CVE-2012-1986) It was…

11 April 2012

USN-1418-1: GnuTLS vulnerabilities

Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. (CVE-2011-4128) Matthew Hall discovered that the GnuTLS library incorrectly handled…

5 April 2012

USN-1417-1: libpng vulnerability

It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

5 April 2012

USN-1416-1: tiff vulnerabilities

Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173) It was discovered that the…

4 April 2012

USN-1400-4: Thunderbird regressions

USN-1400-3 fixed vulnerabilities in Thunderbird. The new Thunderbird version caused a regression in IMAP connections and mail filtering. This update fixes the problem. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through …

3 April 2012

USN-1414-1: Aptdaemon vulnerability

It was discovered that Aptdaemon incorrectly handled installing packages without performing a transaction simulation. An attacker could possibly use this flaw to install altered packages.

2 April 2012

USN-1197-8: ca-certificates-java regression

USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These…

29 March 2012

USN-1413-1: Nova vulnerability

Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.

29 March 2012

USN-1412-1: Linux kernel vulnerability

Somnath Kotur discovered an error in the Linux kernel’s VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.

29 March 2012

USN-1197-7: ca-certificates-java vulnerability

USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. Original advisory details: It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent…

27 March 2012

USN-1405-1: Linux kernel vulnerabilities

Paolo Bonzini discovered a flaw in Linux’s handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. (CVE-2011-4127) A flaw was found in the Linux kernel’s ext4 file system when mounting a corrupt filesystem. A…

27 March 2012

USN-1404-1: Linux kernel (OMAP4) vulnerability

Somnath Kotur discovered an error in the Linux kernel’s VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. (CVE-2011-3347) A flaw was found in the Linux kernel’s ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this…

27 March 2012

USN-1403-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126) Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were…

23 March 2012

USN-1402-1: libpng vulnerability

It was discovered that libpng did not properly process compressed chunks. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

22 March 2012

USN-1400-3: Thunderbird vulnerabilities

USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents…

21 March 2012

USN-1400-2: ubufox update

USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to…

16 March 2012

USN-1400-1: Firefox vulnerabilities

Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. (CVE-2012-0455) Atte Kettunen discovered a use-after-free vulnerability in Firefox’s handling of SVG…

16 March 2012

USN-1399-2: Light Display Manager vulnerability

Ryan Lortie discovered that a guest session script bundled in the Light Display Manager package improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files.

13 March 2012

USN-1398-1: LTSP Display Manager vulnerability

Tenho Tuhkala discovered that the LTSP Display Manager (ldm) incorrectly filtered keybindings. An attacker could use the default keybindings to execute arbitrary commands as root at the login screen.

12 March 2012

USN-1397-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes,…

12 March 2012

USN-1396-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. (CVE-2009-5029) It was discovered that the GNU C Library did not properly…

9 March 2012

USN-1395-1: PyPAM vulnerability

Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.

8 March 2012

USN-1385-1: APT vulnerability

Simon Ruderich discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

6 March 2012

USN-1382-1: Light Display Manager vulnerability

Austin Clements discovered that Light Display Manager incorrectly leaked file descriptors to child processes. A local attacker can use this to bypass intended permissions and write to the log file, cause a denial of service, or possibly have another unknown impact.

5 March 2012

USN-1381-1: Ubuntu One Couch vulnerability

It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

1 March 2012

USN-1378-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly checked permissions on functions called by a trigger. An attacker could attach a trigger to a table they owned and possibly escalate privileges. (CVE-2012-0866) It was discovered that PostgreSQL incorrectly truncated SSL certificate name checks to 32 characters. If a host name was exactly 32…

28 February 2012

USN-1377-1: Ruby vulnerabilities

Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. (CVE-2010-0541) Drew Yao discovered that Ruby’s BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to…

28 February 2012

USN-1376-1: libxml2 vulnerability

Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service.

27 February 2012

USN-1375-1: httplib2 vulnerability

The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.

27 February 2012

USN-1373-1: OpenJDK 6 vulnerabilities

It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035) ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of…

24 February 2012

USN-1372-1: Puppet vulnerabilities

It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). (CVE-2012-1053) It was discovered that Puppet unsafely opened files when the k5login…

23 February 2012

USN-1371-1: cvs vulnerability

It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.

22 February 2012

USN-1370-1: libvorbis vulnerability

It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user’s privileges.

20 February 2012

USN-1369-1: Thunderbird vulnerabilities

Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of…

17 February 2012

USN-1367-2: Firefox vulnerability

USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox. Original advisory details: Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, …

17 February 2012

USN-1367-1: libpng vulnerabilities

It was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-5063) Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk…

16 February 2012

USN-1368-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. (CVE-2011-3607) Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch…

16 February 2012

USN-1284-2: Update Manager regression

USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: David Black discovered that Update Manager incorrectly extracted the downloaded upgrade…

16 February 2012

USN-1366-1: devscripts vulnerabilities

Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0210) Raphael Geissert discovered that debdiff did not properly sanitize its input when…

15 February 2012

USN-1365-1: Puppet vulnerability

It was discovered that Puppet would allow remote ralsh under certain circumstances. An attacker on an authenticated puppet node could exploit this to view or manipulate resources on other Puppet nodes.

14 February 2012

USN-1364-1: Linux kernel (OMAP4) vulnerabilities

A bug was discovered in the Linux kernel’s calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. (CVE-2011-4097) A flaw was discovered in the XFS filesystem. If a local user…

13 February 2012

USN-1363-1: Linux kernel vulnerabilities

A bug was discovered in the Linux kernel’s calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. (CVE-2011-4097) A flaw was found in KVM’s Programmable Interval Timer (PIT)….

13 February 2012

USN-1358-2: PHP regression

USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. We apologize for the inconvenience. Original advisory details: It was discovered that PHP computed hash values for form parameters …

13 February 2012

USN-1360-1: Firefox vulnerability

Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0452)

13 February 2012

USN-1359-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. (CVE-2011-3375) It was discovered that Tomcat computed hash values for form…

13 February 2012

USN-1358-1: PHP vulnerabilities

It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885) ATTENTION: this update changes previous PHP behavior by limiting the number of external…

10 February 2012

USN-1357-1: OpenSSL vulnerabilities

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu…

9 February 2012

USN-1355-2: Mozvoikko update

USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory details: It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permissions, making the file contents potentially…

3 February 2012

USN-1355-1: Firefox vulnerabilities

It was discovered that if a user chose to export their Firefox Sync key the “Firefox Recovery Key.html” file is saved with incorrect permissions, making the file contents potentially readable by other users. (CVE-2012-0450) Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due…

3 February 2012

USN-1354-1: usbmuxd vulnerability

It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the ‘usbmux’ user.

1 February 2012

USN-1352-1: Software Properties vulnerability

David Black discovered that Software Properties incorrectly validated server certificates when performing secure connections to download PPA GPG key fingerprints. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.

31 January 2012

USN-1351-1: AccountsService vulnerability

Hayawardh Vijayakumar discovered that AccountsService incorrectly handled privileges when modifying the language settings on Ubuntu. A local attacker could exploit this issue to modify arbitrary files, and possibly create a denial of service or obtain increased privileges.

31 January 2012

USN-1349-1: X.Org vulnerability

It was discovered that the X wrapper incorrectly checked certain console permissions when launched by unprivileged users. An attacker connected remotely could use this flaw to start X, bypassing the console permissions check.

26 January 2012

USN-1348-1: ICU vulnerability

It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

26 January 2012

USN-1263-2: OpenJDK 6 regression

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm (CVE-2011-3389) introduced a regression that caused TLS/SSL connections to fail when using certain algorithms. This update fixes the problem. We apologize for the inconvenience. Original advisory details: …

24 January 2012

USN-1346-1: curl vulnerability

Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected.

24 January 2012

USN-1343-1: Thunderbird vulnerabilities

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird….

24 January 2012

USN-1339-1: QEMU vulnerability

Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode packets in the e1000 network driver. A remote attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. When using QEMU with libvirt or virtualization management software based on libvirt such as…

23 January 2012

USN-1336-1: Linux kernel vulnerability

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem’s handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077) A flaw was found…

23 January 2012

USN-1334-1: libxml2 vulnerabilities

It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216) It was discovered that…

19 January 2012

USN-1335-1: t1lib vulnerabilities

Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. (CVE-2010-2642, CVE-2011-0433) Jonathan Brossard discovered that t1lib did not correctly handle certain malformed…

19 January 2012

USN-1333-1: Libav vulnerabilities

Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04….

17 January 2012

USN-1330-1: Linux kernel (OMAP4) vulnerabilities

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem’s handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077) A flaw was found…

13 January 2012

USN-1326-1: Nova vulnerability

Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when Nova is configured to use the OpenStack API, it would not correctly enforce access controls on certain incoming requests. A remote authenticated attacker could exploit this to change resources of arbitrary tenants.

11 January 2012

USN-1322-1: Linux kernel vulnerability

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.

9 January 2012

USN-1306-2: Mozvoikko and ubufox update

USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Original advisory details: Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered…

6 January 2012

USN-1306-1: Firefox vulnerabilities

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin…

6 January 2012

USN-1316-1: t1lib vulnerability

Jonathan Brossard discovered that t1lib did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges.

21 December 2011

USN-1315-1: JasPer vulnerabilities

Jonathan Foote discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.

20 December 2011

USN-1310-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain ISO 9660 image files. If a user were tricked into using a specially crafted ISO 9660 image file, a remote attacker could cause libarchive to crash or possibly execute arbitrary code with user privileges. (CVE-2011-1777) It was discovered that libarchive incorrectly handled certain tar…

19 December 2011

USN-1309-1: DHCP vulnerability

It was discovered that the DHCP server incorrectly handled certain malformed packets when configured to evaluate regular expressions. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.

15 December 2011

USN-1308-1: bzip2 vulnerability

vladz discovered that executables compressed by bzexe insecurely create temporary files when they are ran. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.

14 December 2011

USN-1307-1: PHP vulnerability

Florent Hochwelker discovered that PHP incorrectly handled certain EXIF headers in JPEG files. A remote attacker could exploit this issue to view sensitive information or cause the PHP server to crash.

14 December 2011

USN-1305-1: Nova vulnerability

David Black discovered that Nova did not properly perform input validation during image registration. An attacker could exploit this by registering a crafted image using the EC2 API or S3/RegisterImage method and overwrite files as the nova user.

13 December 2011

USN-1298-1: Apache Commons Daemon vulnerability

Wilfried Weissmann discovered that Apache Commons Daemon incorrectly dropped capabilities after starting. A remote attacker could possibly use this flaw to read certain files, bypassing the intended permissions.

12 December 2011

USN-1297-1: Django vulnerabilities

Pall McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. (CVE-2011-4136) Paul McMillan discovered that Django would not timeout on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of…

9 December 2011

USN-1296-1: acpid vulnerabilities

Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. (CVE-2011-2777) Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker…

8 December 2011

USN-1295-1: Dovecot vulnerability

It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

8 December 2011

USN-1290-1: Kerberos vulnerability

Simo Sorce discovered that a NULL pointer dereference existed in the Kerberos Key Distribution Center (KDC). An authenticated remote attacker could use this to cause a denial of service.

8 December 2011

USN-1289-1: colord vulnerability

It was discovered that colord incorrectly handled certain SQL queries. A local attacker could exploit this to modify arbitrary sqlite databases. On Ubuntu, colord runs as its own user by default, so standard file permissions would limit which databases could be altered.

7 December 2011

USN-1288-1: vsftpd vulnerability

It was discovered that the 2.6.35 and earlier Linux kernel does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) in applications that require a separate namespace per connection, like vsftpd. This update adjusts vsftpd to only…

7 December 2011

USN-1287-1: Linux (OMAP4) vulnerability

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.

5 December 2011

USN-1284-1: Update Manager vulnerabilities

David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. (CVE-2011-3152) David Black discovered that Update Manager created a temporary…

28 November 2011

USN-1282-1: Thunderbird vulnerabilities

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts…

28 November 2011

USN-1277-2: Mozvoikko and ubufox update

USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Original advisory details: Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging…

23 November 2011

USN-1277-1: Firefox vulnerabilities

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts…

23 November 2011

USN-1276-1: KDE Utilities vulnerability

Tim Brown discovered that Ark did not properly perform input validation when previewing archive files. If a user were tricked into opening a crafted archive file, an attacker could remove files via directory traversal.

21 November 2011

USN-1275-1: Linux kernel vulnerability

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a…

21 November 2011

USN-1270-1: Software Center vulnerability

David B. discovered that Software Center incorrectly validated server certificates when performing secure connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information or install altered packages and repositories.

21 November 2011

USN-1267-1: FreeType vulnerabilities

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2011-3256) It was discovered that FreeType did not correctly handle certain…

18 November 2011

USN-1266-1: OpenLDAP vulnerability

It was discovered that slapd contained an off-by-one error. An authenticated attacker could potentially exploit this by sending a crafted crafted LDIF entry containing an empty postalAddress.

17 November 2011

USN-1265-1: system-config-printer vulnerability

Marc Deslauriers discovered that system-config-printer’s cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.

17 November 2011

USN-1264-1: Bind vulnerability

It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.

16 November 2011

USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL…

16 November 2011

USN-1262-1: Light Display Manager vulnerabilities

It was discovered that Light Display Manager incorrectly handled privileges when reading .dmrc files. A local attacker could exploit this issue to read arbitrary configuration files, bypassing intended permissions. (CVE-2011-3153) It was discovered that Light Display Manager incorrectly handled links when adjusting permissions on .Xauthority…

15 November 2011

USN-1260-1: Linux kernel (OMAP4) vulnerability

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a…

14 November 2011

USN-1261-1: Quagga vulnerabilities

Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3323) Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled…

14 November 2011

USN-1259-1: Apache vulnerabilities

It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. (CVE-2011-3368) Stefano Nichele discovered…

11 November 2011

USN-1258-1: ClamAV vulnerability

Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service.

10 November 2011

USN-1257-1: radvd vulnerabilities

Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. A remote attacker could exploit this with a specially-crafted request and cause the radvd daemon to crash, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This…

10 November 2011

USN-1255-1: libmodplug vulnerabilities

Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. (CVE-2011-2911, CVE-2011-2912,…

9 November 2011

USN-1252-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. (CVE-2011-1184) Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX user creation. A local attacker could possibly use…

8 November 2011

USN-1250-1: Empathy vulnerabilities

It was discovered that a cross-site scripting (XSS) vulnerability in the Adium theme allows remote attackers to inject arbitrary javascript or HTML via a crafted nickname in XMPP group conversations.

28 October 2011

USN-1249-1: BackupPC vulnerabilities

It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the…

27 October 2011

USN-1247-1: Nova vulnerability

An information leak was discovered in Nova. An attacker with access to a valid EC2_ACCESS_KEY could obtain the corresponding EC2_SECRET_KEY for that user.

25 October 2011

USN-1238-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled the non-default “certdnsnames” option when generating certificates. If this setting was added to puppet.conf, the puppet master’s DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master’s certificate. An attacker that has an incorrect…

24 October 2011

USN-1237-1: PAM vulnerabilities

Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-3148) Kees Cook discovered…

24 October 2011

USN-1233-1: Kerberos Vulnerabilities

Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL pointer dereference in the KDC LDAP backend. An unauthenticated remote attacker could use this to cause a denial of service. This issue affected Ubuntu 11.10. (CVE-2011-1527) Mark Deneen discovered that an assert() could be triggered in the krb5_ldap_lockout_audit() function in the…

18 October 2011

USN-1232-1: X.Org X server vulnerabilities

It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818) It was discovered that the X server…

18 October 2011

USN-1231-1: PHP Vulnerabilities

Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function’s handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the…

18 October 2011