USNs for ubuntu 13.04

USN-2089-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker…

23 January 2014

USN-2084-1: devscripts vulnerability

It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code.

21 January 2014

USN-2083-1: Graphviz vulnerabilities

It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. (CVE-2014-0978, CVE-2014-1235) It was discovered that Graphviz incorrectly handled memory in the chkNum function. If a…

16 January 2014

USN-2082-1: CUPS vulnerability

Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.

15 January 2014

USN-2081-1: Bind vulnerability

Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.

13 January 2014

USN-2080-1: Memcached vulnerabilities

Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. (CVE-2011-4971) Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use this…

13 January 2014

USN-2079-1: OpenSSL vulnerabilities

Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2013-4353) Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to…

9 January 2014

USN-2077-2: Puppet regression

USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this…

9 January 2014

USN-2078-1: libXfont vulnerability

It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

7 January 2014

USN-2077-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

6 January 2014

USN-2074-1: Linux kernel (OMAP4) vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel’s per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel’s ansi cprng random number…

3 January 2014

USN-2073-1: Linux kernel vulnerabilities

Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the…

3 January 2014

USN-2063-1: NSS vulnerability

It was discovered that an intermediate certificate was incorrectly issued by a subordinate certificate authority of a trusted CA included in NSS. This intermediate certificate could be used in a man-in-the-middle attack, and has such been marked as untrusted in this update.

20 December 2013

USN-2062-1: OpenStack Horizon vulnerability

Chris Chapman discovered cross-site scripting (XSS) vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting (XSS) attacks against users viewing these pages in order to modify the contents or steal confidential data within the same domain.

20 December 2013

USN-2060-1: libjpeg, libjpeg-turbo vulnerabilities

Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

19 December 2013

USN-2059-1: GnuPG vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys.

18 December 2013

USN-2058-1: curl vulnerability

Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted…

18 December 2013

USN-2057-1: Qt vulnerability

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.

17 December 2013

USN-2055-1: PHP vulnerabilities

Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6420) It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash,…

12 December 2013

USN-2053-1: Thunderbird vulnerabilities

Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges…

11 December 2013

USN-2052-1: Firefox vulnerabilities

Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the…

11 December 2013

USN-2054-1: Samba vulnerabilities

It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. (CVE-2012-6150) Stefan Metzmacher and Michael Adam discovered that Samba incorrectly handled DCE-RPC fragment length…

11 December 2013

USN-2051-1: GIMP vulnerability

Murray McAllister discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user’s privileges.

9 December 2013

USN-2048-1: curl vulnerability

Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

5 December 2013

USN-2047-1: pixman vulnerability

Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash.

3 December 2013

USN-2046-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a…

3 December 2013

USN-2045-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A remote attacker could exploit this flaw to obtain…

3 December 2013

USN-2035-1: Ruby vulnerabilities

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-4164) Vit Ondruch discovered…

27 November 2013

USN-2034-1: OpenStack Keystone vulnerability

Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.

25 November 2013

USN-2032-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. (CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607)

21 November 2013

USN-2031-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. (CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607)

20 November 2013

USN-2030-1: NSS vulnerabilities

Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu…

18 November 2013

USN-2027-1: SPICE vulnerability

Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.

12 November 2013

USN-2025-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

11 November 2013

USN-2024-1: Linux kernel (OMAP4) vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel’s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343) Kees Cook discovered flaw…

8 November 2013

USN-2023-1: Linux kernel vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement (RA) messages in the Linux kernel’s IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information. (CVE-2013-0343) Dan Carpenter discovered…

8 November 2013

USN-2013-1: MAAS vulnerabilities

It was discovered that maas-import-pxe-files incorrectly loaded configuration information from the current working directory. A local attacker could execute code as an administrator if maas-import-pxe-files were run from an attacker-controlled directory. (CVE-2013-1057) It was discovered that maas-import-pxe-files doesn’t cryptographically verify…

7 November 2013

USN-2011-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

4 November 2013

USN-2010-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird….

31 October 2013

USN-2009-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1739, CVE-2013-5590,…

29 October 2013

USN-2008-1: Suds vulnerability

Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.

24 October 2013

USN-2007-1: Apport vulnerability

Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.

24 October 2013

USN-2006-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug…

24 October 2013

USN-2005-1: Cinder vulnerabilities

Rongze Zhu discovered that the Cinder LVM driver did not zero out data when deleting snapshots. This could expose sensitive information to authenticated users when subsequent servers use the volume. (CVE-2013-4183) Grant Murphy discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the…

23 October 2013

USN-2004-1: python-glanceclient vulnerability

Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack.

23 October 2013

USN-2000-1: Nova vulnerabilities

It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. (CVE-2013-2256, CVE-2013-4278) Grant Murphy discovered that Nova would allow XML entity…

23 October 2013

USN-2002-1: Keystone vulnerabilities

Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. (CVE-2013-4222) Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends….

23 October 2013

USN-2003-1: Glance vulnerability

Stuart McLaren discovered that Glance did not properly enforce the ‘download_image’ policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting.

23 October 2013

USN-2001-1: Swift vulnerability

Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption.

23 October 2013

USN-1999-1: Linux kernel (OMAP4) vulnerability

Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

22 October 2013

USN-1998-1: Linux kernel vulnerabilities

An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. (CVE-2013-2237) Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux…

22 October 2013

USN-1991-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424) It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker…

21 October 2013

USN-1990-1: X.Org X server vulnerabilities

Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. (CVE-2013-4396) It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker…

17 October 2013

USN-1989-1: ICU vulnerabilities

It was discovered that ICU contained a race condition affecting multi- threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10….

15 October 2013

USN-1988-1: Cyrus SASL vulnerability

It was discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could use this issue to cause Cyrus SASL to crash, resulting in a denial of service.

9 October 2013

USN-1987-1: GnuPG vulnerabilities

Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage flags as being valid for all usages. (CVE-2013-4351) Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in…

9 October 2013

USN-1986-1: Network Audio System (NAS) vulnerabilities

Hamid Zamani discovered multiple security issues in the Network Audio System (NAS) server. An attacker could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2013-4256, CVE-2013-4257)

1 October 2013

USN-1985-1: Python 3.3 vulnerabilities

Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject…

1 October 2013

USN-1983-1: Python 2.7 vulnerabilities

Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle…

1 October 2013

USN-1980-1: Vino vulnerability

Jonathan Claudius discovered that Vino incorrectly handled closing invalid connections. A remote attacker could use this issue to cause Vino to consume resources, resulting in a denial of service.

30 September 2013

USN-1979-1: txt2man vulnerability

Patrick J Cherry discovered that txt2man contained leftover debugging code that incorrectly created a temporary file. A local attacker could possibly use this issue to overwrite arbitrary files. In the default Ubuntu installation, this should be prevented by the Yama link restrictions.

30 September 2013

USN-1975-1: Linux kernel (OMAP4) vulnerabilities

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-4254) A failure to validate block numbers was discovered in the Linux kernel’s implementation of the XFS filesystem. A local user can cause a…

27 September 2013

USN-1974-1: Linux kernel vulnerabilities

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-4254) A memory leak was discovered in the user namespace facility of the Linux kernel. A local user could cause a denial of service (memory…

27 September 2013

USN-1966-1: Samba vulnerability

Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.

24 September 2013

USN-1967-1: Django vulnerabilities

It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. (CVE-2013-1443) It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. (CVE-2013-4315) It was discovered that the…

24 September 2013

USN-1965-1: pyOpenSSL vulnerability

It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

23 September 2013

USN-1964-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of service. (CVE-2013-1438, CVE-2013-1439)

23 September 2013

USN-1952-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird….

18 September 2013

USN-1963-1: usb-creator vulnerability

It was discovered that usb-creator was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1962-1: ubuntu-system-service vulnerability

It was discovered that ubuntu-system-service was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1961-1: systemd vulnerability

It was discovered that systemd was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1960-1: Software Properties vulnerability

It was discovered that Software Properties was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1959-1: RealtimeKit vulnerability

It was discovered that RealtimeKit was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1958-1: language-selector vulnerability

It was discovered that language-selector was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1956-1: HPLIP vulnerability

It was discovered that HPLIP was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1955-1: apt-xapian-index vulnerability

It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

18 September 2013

USN-1954-1: libvirt vulnerabilities

It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. (CVE-2013-4311) It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use…

18 September 2013

USN-1953-1: polkit vulnerability

It was discovered that polkit didn’t allow applications to use the pkcheck tool in a way which prevented a race condition in the UID lookup. A local attacker could use this flaw to possibly escalate privileges.

18 September 2013

USN-1951-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1718, CVE-2013-1719) Atte Kettunen…

17 September 2013

USN-1950-1: Light Display Manager vulnerability

It was discovered that Light Display Manager created .Xauthority files with incorrect permissions. A local attacker could use this flaw to bypass access restrictions.

12 September 2013

USN-1949-1: ImageMagick vulnerability

It was discovered that ImageMagick incorrectly handled decoding GIF image comments. If a user or automated system using ImageMagick were tricked into opening a specially crafted GIF image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

10 September 2013

USN-1948-1: httplib2 vulnerability

It was discovered that httplib2 only validated SSL certificates on the first request to a connection, and didn’t report validation failures on subsequent requests. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be exploited in certain scenarios to alter or compromise confidential information in…

9 September 2013

USN-1946-1: Linux kernel (OMAP4) vulnerabilities

A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a denial of service by creating a large number of files with names that have the same CRC32 hash value. (CVE-2012-5374) A denial of service flaw was discovered in the Btrfs file system in the Linux kernel. A local user could cause a…

6 September 2013

USN-1938-1: Linux kernel vulnerabilities

Vasily Kulikov discovered a flaw in the Linux Kernel’s perf tool that allows specified to be run as root. A local could exploit this flaw to run commands as root when using the perf tool. user could exploit this (CVE-2013-1060) A flaw was discovered in the Xen subsystem of the Linux kernel when it provides read-only access to a disk that supports…

5 September 2013

USN-1937-1: PHP vulnerability

It was discovered that PHP did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

5 September 2013

USN-1935-1: Linux kernel vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel’s Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel’s fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory….

20 August 2013

USN-1934-1: Linux kernel (OMAP4) vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel’s Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel’s fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory….

20 August 2013

USN-1928-1: Puppet vulnerabilities

It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files. (CVE-2013-4761) It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with the permissions that existed when they were…

15 August 2013

USN-1927-1: libimobiledevice vulnerability

Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue should be mitigated by the Yama link restrictions.

14 August 2013

USN-1926-1: SPICE vulnerability

David Gibson discovered that SPICE incorrectly handled certain network errors. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.

14 August 2013

USN-1925-1: Thunderbird vulnerabilities

Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues in Thunderbird. If the user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user…

7 August 2013

USN-1924-2: Ubufox and Unity Firefox Extension update

USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Original advisory details: Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user…

6 August 2013

USN-1924-1: Firefox vulnerabilities

Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially…

6 August 2013

USN-1923-1: GnuPG, Libgcrypt vulnerability

Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys.

1 August 2013

USN-1922-1: Evolution Data Server vulnerability

Yves-Alexis Perez discovered that Evolution Data Server did not properly select GPG recipients. Under certain circumstances, this could result in Evolution encrypting email to an unintended recipient.

31 July 2013

USN-1911-2: Ghostscript vulnerability

USN-1911-1 fixed vulnerabilities in Little CMS. This update provides the corresponding updates for Ghostscript. Original advisory details: It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could…

31 July 2013

USN-1920-1: Linux kernel (OMAP4) vulnerability

Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

30 July 2013

USN-1919-1: Linux kernel vulnerability

Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-2852) Marcus Moeller and Ken Fallon discovered that the CIFS incorrectly built certain paths. A local attacker with access to a CIFS partition could exploit…

29 July 2013

USN-1911-1: Little CMS vulnerability

It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.

29 July 2013

USN-1910-1: Bind vulnerability

Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.

29 July 2013

USN-1909-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the updated packages contain bug fixes, new features,…

25 July 2013

USN-1904-2: libxml2 regression

USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted …

17 July 2013

USN-1907-2: IcedTea Web update

USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the…

16 July 2013

USN-1907-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, CVE-2013-2458) A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. (CVE-2013-1571) A vulnerability…

16 July 2013

USN-1906-1: File Roller vulnerability

Yorick Koster discovered that File Roller incorrectly sanitized paths. If a user were tricked into extracting a specially-crafted archive, an attacker could create and overwrite files outside of the extraction directory.

16 July 2013

USN-1905-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. (CVE-2013-4113) It was discovered that PHP incorrectly…

16 July 2013

USN-1903-1: Apache HTTP Server vulnerabilities

It was discovered that the mod_rewrite module incorrectly sanitized non- printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. (CVE-2013-1862) It was discovered that the mod_dav module incorrectly handled certain…

15 July 2013

USN-1904-1: libxml2 vulnerabilities

It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10….

15 July 2013

USN-1902-1: Ruby vulnerability

William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

9 July 2013

USN-1898-1: OpenSSL vulnerability

The TLS protocol 1.2 and earlier can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext content by observing length differences during a series of guesses in which a provided string potentially matches an unknown string in encrypted and compressed…

4 July 2013

USN-1897-1: PyMongo vulnerability

Jibbers McGee discovered that PyMongo incorrectly handled certain invalid DBRefs. An attacker could use this issue to cause PyMongo to crash, resulting in a denial of service.

3 July 2013

USN-1890-2: Firefox regression

USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in Firefox. If the user were tricked into…

3 July 2013

USN-1896-1: Module::Signature perl module vulnerability

Florian Weimer discovered that the Module::Signature perl module incorrectly loaded unknown ciphers from relative directories. An attacker could possibly use this flaw to execute arbitrary code when a signature is verified.

3 July 2013

USN-1895-1: libvirt vulnerability

It was discovered that libvirt incorrectly handled certain storage pool requests. A remote attacker could use this issue to cause libvirt to consume resources, resulting in a denial of service.

2 July 2013

USN-1894-1: curl vulnerability

Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.

2 July 2013

USN-1893-1: Subversion vulnerabilities

Alexander Klink discovered that the Subversion mod_dav_svn module for Apache did not properly handle a large number of properties. A remote authenticated attacker could use this flaw to cause memory consumption, leading to a denial of service. (CVE-2013-1845) Ben Reser discovered that the Subversion mod_dav_svn module for Apache did not properly…

27 June 2013

USN-1891-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird….

26 June 2013

USN-1890-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1682, CVE-2013-1683) Abhishek Arya…

26 June 2013

USN-1889-1: HAProxy vulnerability

David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.

20 June 2013

USN-1888-1: Mesa vulnerabilities

It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. (CVE-2013-1872) Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash,…

20 June 2013

USN-1887-1: OpenStack Swift vulnerabilities

Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this…

20 June 2013

USN-1886-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled YAML payloads. An attacker on an untrusted client could use this issue to execute arbitrary code on the master.

18 June 2013

USN-1884-1: LibRaw vulnerability

It was discovered that LibRaw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against LibRaw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

18 June 2013

USN-1883-1: Linux kernel (OMAP4) vulnerabilities

Kees Cook discovered a flaw in the Linux kernel’s iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2013-2850) Andy Lutomirski discover an error in the Linux kernel’s credential handling on unix sockets. A local user could…

14 June 2013

USN-1875-1: OpenStack Keystone vulnerabilities

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu 12.10 which does not use PKI tokens by default….

14 June 2013

USN-1874-1: DBus vulnerability

Alexandru Cornea discovered that DBus incorrectly handled certain messages. A local attacker could use this issue to cause system services to crash, resulting in a denial of service.

13 June 2013

USN-1873-1: telepathy-gabble vulnerabilities

Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-1431) It was discovered that telepathy-gabble incorrectly handled certain messages. A remote…

12 June 2013

USN-1872-1: PHP vulnerability

It was discovered that PHP incorrectly handled the quoted_printable_encode function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code.

11 June 2013

USN-1871-1: xserver-xorg-video-openchrome vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

10 June 2013

USN-1859-1: libxi vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1870-1: libxxf86vm vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1869-1: libxxf86dga vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1868-1: libxvmc vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1867-1: libxv vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1866-1: libxtst vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1865-1: libxt vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1864-1: libxres vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1863-1: libxrender vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1862-1: libxrandr vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1861-1: libxp vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1860-1: libxinerama vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1858-1: libxfixes vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1857-1: libxext vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1856-1: libxcursor vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1855-1: libxcb vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1854-1: libx11 vulnerabilities

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1853-1: libfs vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1852-1: libdmx vulnerability

Ilja van Sprundel discovered multiple security issues in various X.org libraries and components. An attacker could use these issues to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 June 2013

USN-1851-1: python-keystoneclient vulnerability

Eoghan Glynn and Alex Meade discovered that python-keystoneclient did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens (the default in Ubuntu 13.04), a previously authenticated user could continue to use a PKI token for longer than intended.

3 June 2013

USN-1847-1: Linux kernel vulnerability

Kees Cook discovered a flaw in the Linux kernel’s iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

30 May 2013

USN-1838-1: Linux kernel (OMAP4) vulnerabilities

An flaw was discovered in the Linux kernel’s perf_events interface. A local user could exploit this flaw to escalate privileges on the system. (CVE-2013-2094) A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the…

30 May 2013

USN-1843-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.

29 May 2013

USN-1842-1: KDE-Libs vulnerability

It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

29 May 2013

USN-1841-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-3544) It was discovered that Tomcat…

28 May 2013

USN-1837-1: Linux kernel vulnerabilities

An information leak was discovered in the Linux kernel’s tkill and tgkill system calls when used from compat processes. A local user could exploit this flaw to examine potentially sensitive kernel memory. (CVE-2013-2141) A flaw was discovered in the Linux kernel’s perf events subsystem for Intel Sandy Bridge and Ivy Bridge processors. A local…

24 May 2013

USN-1832-1: LibTIFF vulnerabilities

Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

21 May 2013

USN-1831-1: OpenStack Nova vulnerability

Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.

16 May 2013

USN-1830-1: OpenStack Keystone vulnerability

Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired.

16 May 2013

USN-1827-1: Linux kernel vulnerability

An flaw was discovered in the Linux kernel’s perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

16 May 2013

USN-1823-1: Thunderbird vulnerabilities

Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird….

14 May 2013

USN-1822-1: Firefox vulnerabilities

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered…

14 May 2013

USN-1821-1: telepathy-idle vulnerability

It was discovered that telepathy-idle did not perform any server certificate validation when using SSL connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

9 May 2013

USN-1817-1: libxml2 vulnerability

It was discovered that libxml2 incorrectly handled memory management when parsing certain XML files. An attacker could use this flaw to cause libxml2 to crash, resulting in a denial of service, or to possibly execute arbitrary code.

7 May 2013

USN-1816-1: ClamAV vulnerabilities

It was discovered that ClamAV would incorrectly parse a UPX-packed executable, leading to possible inappropriate heap reads. An attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-2020) It was discovered that ClamAV would incorrectly parse a PDF…

3 May 2013

USN-1815-1: Linux kernel vulnerabilities

Andy Lutomirski discover an error in the Linux kernel’s credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. (CVE-2013-1979) Andy Lutomirski discovered a privilege escalation in the Linux kernel’s user namespaces. A local user could exploit the flaw to gain administrative privileges….

2 May 2013

USN-1807-2: MySQL vulnerabilities

USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and…

25 April 2013