Ubuntu.com RSS News feed

Canonical to Offer Yahoo! Zimbra Desktop through Ubuntu Partner Repository

Thu, 07 Aug 2008 07:17:02 -0700

Canonical to Offer Yahoo! Zimbra Desktop through Ubuntu (R) Partner Repository

Ubuntu users now have direct access to Zimbra’s next generation email and calendaring solution

Canonical to Offer Yahoo! Zimbra Desktop through Ubuntu (R) Partner Repository

Ubuntu users now have direct access to Zimbra’s next generation email and calendaring solution

USN-635-1: xine-lib vulnerabilities

Wed, 06 Aug 2008 13:21:10 -0700

Referenced CVEs:

CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686, CVE-2008-1878

Description:

=========================================================== Ubuntu Security Notice USN-635-1 August 06, 2008 xine-lib vulnerabilities CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-2008-0486, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1686, CVE-2008-1878 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libxine-main1 1.1.1+ubuntu2-7.9 Ubuntu 7.04: libxine-main1 1.1.4-2ubuntu3.1 Ubuntu 7.10: libxine1 1.1.7-1ubuntu1.3 Ubuntu 8.04 LTS: libxine1 1.1.11.1-1ubuntu3.1 After a standard system upgrade you need to restart applications linked against xine-lib to effect the necessary changes. Details follow: Alin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0073) Luigi Auriemma discovered that xine-lib did not properly check buffer sizes in the RTSP header-handling code. If xine-lib opened an RTSP stream with crafted SDP attributes, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0225, CVE-2008-0238) Damian Frizza and Alfredo Ortega discovered that xine-lib did not properly validate FLAC tags. If a user or automated system were tricked into opening a crafted FLAC file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0486) It was discovered that the ASF demuxer in xine-lib did not properly check the length if the ASF header. If a user or automated system were tricked into opening a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1110) It was discovered that the Matroska demuxer in xine-lib did not properly verify frame sizes. If xine-lib opened a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1161) Luigi Auriemma discovered multiple integer overflows in xine-lib. If a user or automated system were tricked into opening a crafted FLV, MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1482) It was discovered that xine-lib did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1686) Guido Landi discovered a stack-based buffer overflow in xine-lib when processing NSF files. If xine-lib opened a specially crafted NSF file with a long NSF title, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1878)

Unison released for Ubuntu to bring unified communications to Linux

Tue, 05 Aug 2008 13:16:44 -0700

Unison™ released for Ubuntu™ to bring unified communications to Linux

Partnership with Canonical will challenge Microsoft unified communications with more powerful and cost-effective Linux alternative

Unison™ released for Ubuntu™ to bring unified communications to Linux

Partnership with Canonical will challenge Microsoft unified communications with more powerful and cost-effective Linux alternative

Canonical To Offer Alfresco Labs Pre-Packaged Within Ubuntu Distribution

Tue, 05 Aug 2008 07:15:27 -0700

Canonical To Offer Alfresco Labs Pre-Packaged Within Ubuntu Distribution

Leading open source proponents take first steps to make enterprise solutions available to combined user base

Linux World EXPO, San Francisco — August 5, 2008 – Alfresco Software, Inc., the leader in open source enterprise content management (ECM), today announced that Canonical, the commercial sponsor of the highly regarded Linux distribution, Ubuntu, will offer Alfresco Labs 3 within a pre-built software download as part of its partner repository. Using the simple apt-get command, end-users can execute a full installation, with all drivers and relevant dependencies pre-packaged. This move provides Alfresco with a new platform from which to reach a rapidly expanding Ubuntu user-base.

Canonical To Offer Alfresco Labs Pre-Packaged Within Ubuntu Distribution

Leading open source proponents take first steps to make enterprise solutions available to combined user base

USN-626-2: Devhelp, Epiphany, Midbrowser and Yelp update

Mon, 04 Aug 2008 07:18:58 -0700

Description:

=========================================================== Ubuntu Security Notice USN-626-2 August 04, 2008 devhelp, epiphany-browser, midbrowser, yelp update https://launchpad.net/bugs/253462 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: devhelp 0.19-1ubuntu1.8.04.3 epiphany-gecko 2.22.2-0ubuntu0.8.04.5 midbrowser 0.3.0rc1a-1~8.04.2 yelp 2.22.1-0ubuntu2.8.04.2 After a standard system upgrade you need to restart Devhelp, Epiphany, Midbrowser and Yelp to effect the necessary changes. Details follow: USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933)

USN-633-1: libxslt vulnerabilities

Fri, 01 Aug 2008 09:13:05 -0700

Referenced CVEs:

CVE-2008-1767, CVE-2008-2935

Description:

=========================================================== Ubuntu Security Notice USN-633-1 August 01, 2008 libxslt vulnerabilities CVE-2008-1767, CVE-2008-2935 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libxslt1.1 1.1.15-1ubuntu1.2 Ubuntu 7.04: libxslt1.1 1.1.20-0ubuntu2.2 Ubuntu 7.10: libxslt1.1 1.1.21-2ubuntu2.2 Ubuntu 8.04 LTS: libxslt1.1 1.1.22-1ubuntu1.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of serivce. (CVE-2008-1767) Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service. (CVE-2008-2935)

USN-634-1: OpenLDAP vulnerability

Fri, 01 Aug 2008 09:13:05 -0700

Referenced CVEs:

CVE-2008-2952

Description:

=========================================================== Ubuntu Security Notice USN-634-1 August 01, 2008 openldap2.2, openldap2.3 vulnerability CVE-2008-2952 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.8 Ubuntu 7.04: slapd 2.3.30-2ubuntu0.3 Ubuntu 7.10: slapd 2.3.35-1ubuntu0.3 Ubuntu 8.04 LTS: slapd 2.4.9-0ubuntu0.8.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service.

USN-632-1: Python vulnerabilities

Fri, 01 Aug 2008 08:14:20 -0700

Referenced CVEs:

CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144

Description:

=========================================================== Ubuntu Security Notice USN-632-1 August 01, 2008 python2.4, python2.5 vulnerabilities CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: python2.4 2.4.3-0ubuntu6.2 python2.4-minimal 2.4.3-0ubuntu6.2 Ubuntu 7.04: python2.4 2.4.4-2ubuntu7.2 python2.4-minimal 2.4.4-2ubuntu7.2 python2.5 2.5.1-0ubuntu1.2 python2.5-minimal 2.5.1-0ubuntu1.2 Ubuntu 7.10: python2.4 2.4.4-6ubuntu4.2 python2.4-minimal 2.4.4-6ubuntu4.2 python2.5 2.5.1-5ubuntu5.2 python2.5-minimal 2.5.1-5ubuntu5.2 Ubuntu 8.04 LTS: python2.4 2.4.5-1ubuntu4.1 python2.4-minimal 2.4.5-1ubuntu4.1 python2.5 2.5.2-2ubuntu4.1 python2.5-minimal 2.5.2-2ubuntu4.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679) Justin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721) Justin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges. (CVE-2008-1887) Multiple integer overflows were discovered in Python's core and modules including hashlib, binascii, pickle, md5, stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).

Linux World Expo 2008

Wed, 30 Jul 2008 13:12:58 -0700

Ubuntu at Linux World Expo 2008

Launchpad 2.0 Radically Improves Collaboration for Open Source Projects

Tue, 29 Jul 2008 07:15:12 -0700

Launchpad 2.0 Radically Improves Collaboration for Open Source Projects

Canonical’s Launchpad 2.0 Improves Flexibility And Integration of Developer Collaboration Nexus

July 29, 2008 (London) - Canonical Inc. announced today a major new release of Launchpad, including features that make collaborative development faster and more flexible and allowing users to integrate their standalone project infrastructure with Launchpad.

Launchpad 2.0 Radically Improves Collaboration for Open Source Projects

Canonical’s Launchpad 2.0 Improves Flexibility And Integration of Developer Collaboration Nexus

USN-626-1: Firefox and xulrunner vulnerabilities

Mon, 28 Jul 2008 17:08:42 -0700

Referenced CVEs:

CVE-2008-2785, CVE-2008-2933, CVE-2008-2934

Description:

=========================================================== Ubuntu Security Notice USN-626-1 July 29, 2008 firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2008-2785, CVE-2008-2933, CVE-2008-2934 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: firefox-3.0 3.0.1+build1+nobinonly-0ubuntu0.8.04.3 xulrunner-1.9 1.9.0.1+build1+nobinonly-0ubuntu0.8.04.3 After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933)

USN-630-1: ffmpeg vulnerability

Mon, 28 Jul 2008 16:09:38 -0700

Referenced CVEs:

CVE-2008-3162

Description:

=========================================================== Ubuntu Security Notice USN-630-1 July 28, 2008 ffmpeg vulnerability CVE-2008-3162 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: libavformat1d 3:0.cvs20070307-5ubuntu4.1 Ubuntu 8.04 LTS: libavformat1d 3:0.cvs20070307-5ubuntu7.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that ffmpeg did not correctly handle STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg.

USN-631-1: poppler vulnerability

Mon, 28 Jul 2008 16:09:37 -0700

Referenced CVEs:

CVE-2008-2950

Description:

=========================================================== Ubuntu Security Notice USN-631-1 July 28, 2008 poppler vulnerability CVE-2008-2950 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: libpoppler2 0.6-0ubuntu2.3 Ubuntu 8.04 LTS: libpoppler2 0.6.4-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Felipe Andres Manzano discovered that poppler did not correctly initialize certain page widgets. If a user were tricked into viewing a malicious PDF file, a remote attacker could exploit this to crash applications linked against poppler, leading to a denial of service.

USN-629-1: Thunderbird vulnerabilities

Thu, 24 Jul 2008 20:54:36 -0700

Referenced CVEs:

CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811

Description:

=========================================================== Ubuntu Security Notice USN-629-1 July 25, 2008 mozilla-thunderbird, thunderbird vulnerabilities CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.6.06.1 Ubuntu 7.04: mozilla-thunderbird 1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.7.04.1 Ubuntu 7.10: thunderbird 2.0.0.16+nobinonly-0ubuntu0.7.10.1 Ubuntu 8.04 LTS: thunderbird 2.0.0.16+nobinonly-0ubuntu0.8.04.1 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: Various flaws were discovered in the browser engine. If a user had Javascript enabled and were tricked into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799) It was discovered that Thunderbird would allow non-privileged XUL documents to load chrome scripts from the fastload file if Javascript was enabled. This could allow an attacker to execute arbitrary Javascript code with chrome privileges. (CVE-2008-2802) A flaw was discovered in Thunderbird that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user had Javascript enabled and was tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803) Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, Thunderbird may be able to see data from other programs. (CVE-2008-2807) John G. Myers discovered a weakness in the trust model used by Thunderbird regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809) A vulnerability was discovered in the block reflow code of Thunderbird. If a user enabled Javascript, this vulnerability could be used by an attacker to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2811) A flaw was discovered in the browser engine. A variable could be made to overflow causing Thunderbird to crash. If a user enable Javascript and was tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Mozilla developers audited the MIME handling code looking for similar vulnerabilities to the previously fixed CVE-2008-0304, and changed several function calls to use safer versions of string routines.

USN-628-1: PHP vulnerabilities

Wed, 23 Jul 2008 12:56:46 -0700

Referenced CVEs:

CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2829

Description:

=========================================================== Ubuntu Security Notice USN-628-1 July 23, 2008 php5 vulnerabilities CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2829 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libapache2-mod-php5 5.1.2-1ubuntu3.12 php5-cgi 5.1.2-1ubuntu3.12 php5-cli 5.1.2-1ubuntu3.12 php5-curl 5.1.2-1ubuntu3.12 Ubuntu 7.04: libapache2-mod-php5 5.2.1-0ubuntu1.6 php5-cgi 5.2.1-0ubuntu1.6 php5-cli 5.2.1-0ubuntu1.6 php5-curl 5.2.1-0ubuntu1.6 Ubuntu 7.10: libapache2-mod-php5 5.2.3-1ubuntu6.4 php5-cgi 5.2.3-1ubuntu6.4 php5-cli 5.2.3-1ubuntu6.4 php5-curl 5.2.3-1ubuntu6.4 Ubuntu 8.04 LTS: libapache2-mod-php5 5.2.4-2ubuntu5.3 php5-cgi 5.2.4-2ubuntu5.3 php5-cli 5.2.4-2ubuntu5.3 php5-curl 5.2.4-2ubuntu5.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782) Maksymilian Arciemowicz discovered a flaw in the cURL library that allowed safe_mode and open_basedir restrictions to be bypassed. If a PHP application were tricked into processing a bad file:// request, an attacker could read arbitrary files. (CVE-2007-4850) Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. This issue affects Ubuntu 8.04 LTS, and an updated fix is included for Ubuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898) It was discovered that the output_add_rewrite_var function would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user's login credentials. This issue only affects Ubuntu 8.04 LTS. (CVE-2007-5899) It was discovered that PHP did not properly calculate the length of PATH_TRANSLATED. If a PHP application were tricked into processing a malicious URI, and attacker may be able to execute arbitrary code with application privileges. (CVE-2008-0599) An integer overflow was discovered in the php_sprintf_appendstring function. Attackers could exploit this to cause a denial of service. (CVE-2008-1384) Andrei Nigmatulin discovered stack-based overflows in the FastCGI SAPI of PHP. An attacker may be able to leverage this issue to perform attacks against PHP applications. (CVE-2008-2050) It was discovered that the escapeshellcmd did not properly process multibyte characters. An attacker may be able to bypass quoting restrictions and possibly execute arbitrary code with application privileges. (CVE-2008-2051) It was discovered that the GENERATE_SEED macro produced a predictable seed under certain circumstances. Attackers may by able to easily predict the results of the rand and mt_rand functions. (CVE-2008-2107, CVE-2008-2108) Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause PHP applications using pcre to crash, leading to a denial of service. USN-624-1 fixed vulnerabilities in the pcre3 library. This update provides the corresponding update for PHP. (CVE-2008-2371) It was discovered that php_imap used obsolete API calls. If a PHP application were tricked into processing a malicious IMAP request, an attacker could cause a denial of service or possibly execute code with application privileges. (CVE-2008-2829)

USN-627-1: Dnsmasq vulnerability

Tue, 22 Jul 2008 09:56:22 -0700

Referenced CVEs:

CVE-2008-1447

Description:

=========================================================== Ubuntu Security Notice USN-627-1 July 22, 2008 dnsmasq vulnerability CVE-2008-1447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: dnsmasq-base 2.41-2ubuntu2.1 After a standard system upgrade you need to restart Dnsmasq to effect the necessary changes. Details follow: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

USN-623-1: Firefox vulnerabilities

Thu, 17 Jul 2008 08:58:22 -0700

Referenced CVEs:

CVE-2008-2785, CVE-2008-2933

Description:

=========================================================== Ubuntu Security Notice USN-623-1 July 17, 2008 firefox vulnerabilities CVE-2008-2785, CVE-2008-2933 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614d-0ubuntu1 Ubuntu 7.04: firefox 2.0.0.16+0nobinonly-0ubuntu0.7.4 Ubuntu 7.10: firefox 2.0.0.16+1nobinonly-0ubuntu0.7.10 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933)

USN-625-1: Linux kernel vulnerabilities

Tue, 15 Jul 2008 19:53:57 -0700

Referenced CVEs:

CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826

Description:

=========================================================== Ubuntu Security Notice USN-625-1 July 15, 2008 linux, linux-source-2.6.15/20/22 vulnerabilities CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-52-386 2.6.15-52.69 linux-image-2.6.15-52-686 2.6.15-52.69 linux-image-2.6.15-52-amd64-generic 2.6.15-52.69 linux-image-2.6.15-52-amd64-k8 2.6.15-52.69 linux-image-2.6.15-52-amd64-server 2.6.15-52.69 linux-image-2.6.15-52-amd64-xeon 2.6.15-52.69 linux-image-2.6.15-52-hppa32 2.6.15-52.69 linux-image-2.6.15-52-hppa32-smp 2.6.15-52.69 linux-image-2.6.15-52-hppa64 2.6.15-52.69 linux-image-2.6.15-52-hppa64-smp 2.6.15-52.69 linux-image-2.6.15-52-itanium 2.6.15-52.69 linux-image-2.6.15-52-itanium-smp 2.6.15-52.69 linux-image-2.6.15-52-k7 2.6.15-52.69 linux-image-2.6.15-52-mckinley 2.6.15-52.69 linux-image-2.6.15-52-mckinley-smp 2.6.15-52.69 linux-image-2.6.15-52-powerpc 2.6.15-52.69 linux-image-2.6.15-52-powerpc-smp 2.6.15-52.69 linux-image-2.6.15-52-powerpc64-smp 2.6.15-52.69 linux-image-2.6.15-52-server 2.6.15-52.69 linux-image-2.6.15-52-server-bigiron 2.6.15-52.69 linux-image-2.6.15-52-sparc64 2.6.15-52.69 linux-image-2.6.15-52-sparc64-smp 2.6.15-52.69 Ubuntu 7.04: linux-image-2.6.20-17-386 2.6.20-17.37 linux-image-2.6.20-17-generic 2.6.20-17.37 linux-image-2.6.20-17-hppa32 2.6.20-17.37 linux-image-2.6.20-17-hppa64 2.6.20-17.37 linux-image-2.6.20-17-itanium 2.6.20-17.37 linux-image-2.6.20-17-lowlatency 2.6.20-17.37 linux-image-2.6.20-17-mckinley 2.6.20-17.37 linux-image-2.6.20-17-powerpc 2.6.20-17.37 linux-image-2.6.20-17-powerpc-smp 2.6.20-17.37 linux-image-2.6.20-17-powerpc64-smp 2.6.20-17.37 linux-image-2.6.20-17-server 2.6.20-17.37 linux-image-2.6.20-17-server-bigiron 2.6.20-17.37 linux-image-2.6.20-17-sparc64 2.6.20-17.37 linux-image-2.6.20-17-sparc64-smp 2.6.20-17.37 Ubuntu 7.10: linux-image-2.6.22-15-386 2.6.22-15.56 linux-image-2.6.22-15-cell 2.6.22-15.56 linux-image-2.6.22-15-generic 2.6.22-15.56 linux-image-2.6.22-15-hppa32 2.6.22-15.56 linux-image-2.6.22-15-hppa64 2.6.22-15.56 linux-image-2.6.22-15-itanium 2.6.22-15.56 linux-image-2.6.22-15-lpia 2.6.22-15.56 linux-image-2.6.22-15-lpiacompat 2.6.22-15.56 linux-image-2.6.22-15-mckinley 2.6.22-15.56 linux-image-2.6.22-15-powerpc 2.6.22-15.56 linux-image-2.6.22-15-powerpc-smp 2.6.22-15.56 linux-image-2.6.22-15-powerpc64-smp 2.6.22-15.56 linux-image-2.6.22-15-rt 2.6.22-15.56 linux-image-2.6.22-15-server 2.6.22-15.56 linux-image-2.6.22-15-sparc64 2.6.22-15.56 linux-image-2.6.22-15-sparc64-smp 2.6.22-15.56 linux-image-2.6.22-15-ume 2.6.22-15.56 linux-image-2.6.22-15-virtual 2.6.22-15.56 linux-image-2.6.22-15-xen 2.6.22-15.56 Ubuntu 8.04 LTS: linux-image-2.6.24-19-386 2.6.24-19.36 linux-image-2.6.24-19-generic 2.6.24-19.36 linux-image-2.6.24-19-hppa32 2.6.24-19.36 linux-image-2.6.24-19-hppa64 2.6.24-19.36 linux-image-2.6.24-19-itanium 2.6.24-19.36 linux-image-2.6.24-19-lpia 2.6.24-19.36 linux-image-2.6.24-19-lpiacompat 2.6.24-19.36 linux-image-2.6.24-19-mckinley 2.6.24-19.36 linux-image-2.6.24-19-openvz 2.6.24-19.36 linux-image-2.6.24-19-powerpc 2.6.24-19.36 linux-image-2.6.24-19-powerpc-smp 2.6.24-19.36 linux-image-2.6.24-19-powerpc64-smp 2.6.24-19.36 linux-image-2.6.24-19-rt 2.6.24-19.36 linux-image-2.6.24-19-server 2.6.24-19.36 linux-image-2.6.24-19-sparc64 2.6.24-19.36 linux-image-2.6.24-19-sparc64-smp 2.6.24-19.36 linux-image-2.6.24-19-virtual 2.6.24-19.36 linux-image-2.6.24-19-xen 2.6.24-19.36 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282) Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712) Tavis Ormandy discovered that the ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598) Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when running under 64bit kernels. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-1615) Wei Wang discovered that the ASN.1 decoding routines in CIFS and SNMP NAT did not correctly handle certain length values. Remote attackers could exploit this to execute arbitrary code or crash the system. (CVE-2008-1673) Paul Marks discovered that the SIT interfaces did not correctly manage allocated memory. A remote attacker could exploit this to fill all available memory, leading to a denial of service. (CVE-2008-2136) David Miller and Jan Lieskovsky discovered that the Sparc kernel did not correctly range-check memory regions allocated with mmap. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2137) The sys_utimensat system call did not correctly check file permissions in certain situations. A local attacker could exploit this to modify the file times of arbitrary files which could lead to a denial of service. (CVE-2008-2148) Brandon Edwards discovered that the DCCP system in the kernel did not correctly check feature lengths. A remote attacker could exploit this to execute arbitrary code. (CVE-2008-2358) A race condition was discovered between ptrace and utrace in the kernel. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365) The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy. (CVE-2008-2729) The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code. (CVE-2008-2750) Gabriel Campana discovered that SCTP routines did not correctly check for large addresses. A local user could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2826)

USN-624-1: PCRE vulnerability

Mon, 14 Jul 2008 19:54:59 -0700

Referenced CVEs:

CVE-2008-2371

Description:

=========================================================== Ubuntu Security Notice USN-624-1 July 15, 2008 pcre3 vulnerability CVE-2008-2371 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.3 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.3 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.3 Ubuntu 8.04 LTS: libpcre3 7.4-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.

USN-622-1: Bind vulnerability

Tue, 08 Jul 2008 14:54:29 -0700

Referenced CVEs:

CVE-2008-1447

Description:

=========================================================== Ubuntu Security Notice USN-622-1 July 08, 2008 bind9 vulnerability CVE-2008-1447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.5 Ubuntu 7.04: libdns22 1:9.3.4-2ubuntu2.3 Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2 Ubuntu 8.04 LTS: libdns35 1:9.4.2-10ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

USN-619-1: Firefox vulnerabilities

Wed, 02 Jul 2008 05:53:04 -0700

Referenced CVEs:

CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811

Description:

=========================================================== Ubuntu Security Notice USN-619-1 July 02, 2008 firefox vulnerabilities CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1 Ubuntu 7.04: firefox 2.0.0.15+0nobinonly-0ubuntu0.7.4 Ubuntu 7.10: firefox 2.0.0.15+1nobinonly-0ubuntu0.7.10 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799) Several problems were discovered in the JavaScript engine. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-2800) Collin Jackson discovered various flaws in the JavaScript engine which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker may be able to execute arbitrary code with the privileges of a different website or link content within the JAR file to an attacker-controlled JavaScript file. (CVE-2008-2801) It was discovered that Firefox would allow non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to execute arbitrary JavaScript code with chrome privileges. (CVE-2008-2802) A flaw was discovered in Firefox that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user were tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803) Claudio Santambrogio discovered a vulnerability in Firefox which could lead to stealing of arbitrary files. If a user were tricked into opening malicious content, an attacker could force the browser into uploading local files to the remote server. (CVE-2008-2805) Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker could exploit this to bypass the same-origin policy and create arbitrary socket connections to other domains. (CVE-2008-2806) Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, the browser may be able to see data from other programs. (CVE-2008-2807) Masahiro Yamada discovered that Firefox did not properly sanitize file URLs in directory listings, resulting in files from directory listings being opened in unintended ways or not being able to be opened by the browser at all. (CVE-2008-2808) John G. Myers discovered a weakness in the trust model used by Firefox regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809) A flaw was discovered in the way Firefox opened URL files. If a user were tricked into opening a bookmark to a malicious web page, the page could potentially read from local files on the user's computer. (CVE-2008-2810) A vulnerability was discovered in the block reflow code of Firefox. This vulnerability could be used by an attacker to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2811)