Wednesday, February 15, 2012

Ubuntu Security Notice USN-1367-1

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please file a bug, or contact security@ubuntu.com. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.


Ubuntu Security Notice 1367-1
It was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.

USN-1367-1: libpng vulnerabilities - 16th February 2012

It was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-5063) Jueri Aedla discovered that libpng did not properly verify the size used ...

CVE-2009-5063 CVE-2011-3026

USN-1368-1: Apache HTTP Server vulnerabilities - 16th February 2012

It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. (CVE-2011-3607) Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern ...

CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053

USN-1284-2: Update Manager regression - 16th February 2012

USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Original advisory details: David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before ...

LP: 933225

USN-1366-1: devscripts vulnerabilities - 15th February 2012

Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0210) Raphael Geissert discovered that debdiff did not properly sanitize its input ...

CVE-2012-0210 CVE-2012-0211 CVE-2012-0212

USN-1365-1: Puppet vulnerability - 14th February 2012

It was discovered that Puppet would allow remote ralsh under certain circumstances. An attacker on an authenticated puppet node could exploit this to view or manipulate resources on other Puppet nodes.

CVE-2011-0528

USN-1364-1: Linux kernel (OMAP4) vulnerabilities - 13th February 2012

A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potentially execute arbitrary code on the system. (CVE-2012-0038) Andy Whitcroft discovered that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules ...

CVE-2012-0038 CVE-2012-0055 CVE-2012-0056 CVE-2012-0207

USN-1363-1: Linux kernel vulnerabilities - 13th February 2012

A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622) A flaw was discovered in the XFS filesystem. If a local user mounts a specially ...

CVE-2011-4622 CVE-2012-0038 CVE-2012-0055 CVE-2012-0207

USN-1362-1: Linux kernel vulnerabilities - 13th February 2012

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use ...

CVE-2011-3353 CVE-2011-4622 CVE-2012-0038 CVE-2012-0044

USN-1361-1: Linux kernel vulnerabilities - 13th February 2012

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353) A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use ...

CVE-2011-3353 CVE-2011-4622 CVE-2012-0038 CVE-2012-0044

USN-1358-2: PHP regression - 13th February 2012

USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. We apologize for the inconvenience. Original advisory details: It was discovered that PHP computed hash values for form parameters without ...

LP: 930115

USN-1360-1: Firefox vulnerability - 13th February 2012

Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0452)

CVE-2012-0452 LP: 929833

USN-1359-1: Tomcat vulnerabilities - 13th February 2012

It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. (CVE-2011-3375) It was discovered that Tomcat computed hash values for ...

CVE-2011-3375 CVE-2011-4858 CVE-2012-0022

USN-1358-1: PHP vulnerabilities - 9th February 2012

It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. (CVE-2011-4885) ATTENTION: this update changes previous PHP behavior by limiting the number of ...

CVE-2011-0441 CVE-2011-4153 CVE-2011-4885 CVE-2012-0057 CVE-2012-0788 CVE-2012-0830 CVE-2012-0831

USN-1357-1: OpenSSL vulnerabilities - 9th February 2012

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only ...

CVE-2011-1945 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050

USN-1350-1: Thunderbird vulnerabilities - 8th February 2012

Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0442) It ...

CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

USN-1353-1: Xulrunner vulnerabilities - 8th February 2012

Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking ...

CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449

USN-1356-1: Linux kernel (OMAP4) vulnerabilities - 6th February 2012

A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potentially execute arbitrary code on the system. (CVE-2012-0038) Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the ...

CVE-2012-0038 CVE-2012-0044 CVE-2012-0207

USN-1355-3: ubufox and webfav update - 3rd February 2012

USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. Original advisory details: It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents ...

LP: 923319

USN-1355-2: Mozvoikko update - 3rd February 2012

USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory details: It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially ...

LP: 923319

USN-1355-1: Firefox vulnerabilities - 3rd February 2012

It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. (CVE-2012-0450) Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can ...

CVE-2011-3659 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0450 LP: 923319

USN-1354-1: usbmuxd vulnerability - 1st February 2012

It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.

CVE-2012-0065

USN-1352-1: Software Properties vulnerability - 31st January 2012

David Black discovered that Software Properties incorrectly validated server certificates when performing secure connections to download PPA GPG key fingerprints. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.

CVE-2011-4407

USN-1351-1: AccountsService vulnerability - 31st January 2012

Hayawardh Vijayakumar discovered that AccountsService incorrectly handled privileges when modifying the language settings on Ubuntu. A local attacker could exploit this issue to modify arbitrary files, and possibly create a denial of service or obtain increased privileges.

CVE-2011-4406

USN-1349-1: X.Org vulnerability - 26th January 2012

It was discovered that the X wrapper incorrectly checked certain console permissions when launched by unprivileged users. An attacker connected remotely could use this flaw to start X, bypassing the console permissions check.

CVE-2011-4613

USN-1348-1: ICU vulnerability - 26th January 2012

It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

CVE-2011-4599

USN-1342-1: Linux kernel (Oneiric backport) vulnerability - 25th January 2012

Jüri Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem permissions. A local attacker could exploit this and gain root privileges.

CVE-2012-0056

USN-1347-1: Evince vulnerability - 25th January 2012

It was discovered that Evince did not properly parse AFM font files when processing DVI files. If a user were tricked into opening a specially crafted DVI file, an attacker could cause Evince to crash or potentially execute arbitrary code with the privileges of the user invoking the program. In ...

CVE-2011-0433

USN-1263-2: OpenJDK 6 regression - 24th January 2012

USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm (CVE-2011-3389) introduced a regression that caused TLS/SSL connections to fail when using certain algorithms. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Deepak Bhole discovered ...

LP: 891761

USN-1346-1: curl vulnerability - 24th January 2012

Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected.

CVE-2012-0036

USN-1345-1: Linux kernel vulnerabilities - 24th January 2012

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A ...

CVE-2011-1162 CVE-2011-2203 CVE-2011-4110

USN-1344-1: Linux kernel vulnerabilities - 24th January 2012

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

CVE-2011-2203 CVE-2011-4110

USN-1343-1: Thunderbird vulnerabilities - 24th January 2012

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Robert Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. (CVE-2011-3660) Aki Helin ...

CVE-2011-3658 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2011-3665 LP: 909599

USN-1341-1: Linux kernel vulnerabilities - 23rd January 2012

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to ...

CVE-2011-1162 CVE-2011-1759 CVE-2011-2182 CVE-2011-2203 CVE-2011-4110

USN-1340-1: Linux kernel (Oneiric backport) vulnerabilities - 23rd January 2012

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain ...

CVE-2011-2203 CVE-2011-4077 CVE-2011-4110 CVE-2011-4132 CVE-2011-4330 CVE-2012-0044

USN-1338-1: Rsyslog vulnerability - 23rd January 2012

Peter Eisentraut discovered that Rsyslog would not properly perform input validation when configured to use imfile. If an attacker were able to craft messages in a file that Rsyslog monitored, an attacker could cause a denial of service. The imfile module is disabled by default in Ubuntu.

CVE-2011-4623

USN-1339-1: QEMU vulnerability - 23rd January 2012

Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode packets in the e1000 network driver. A remote attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. When using QEMU with libvirt or virtualization management ...

CVE-2012-0029

USN-1337-1: Linux kernel (Natty backport) vulnerabilities - 23rd January 2012

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A ...

CVE-2011-1162 CVE-2011-2203 CVE-2011-4110

USN-1336-1: Linux kernel vulnerability - 23rd January 2012

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain ...

CVE-2011-2203 CVE-2011-4077 CVE-2011-4110 CVE-2011-4132 CVE-2011-4330 CVE-2012-0044 CVE-2012-0056

USN-1334-1: libxml2 vulnerabilities - 19th January 2012

It was discovered that libxml2 contained an off-by-one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. ...

CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919

USN-1335-1: t1lib vulnerabilities - 19th January 2012

Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a user were tricked into using a specially crafted font file, a remote attacker could cause t1lib to crash or possibly execute arbitrary code with user privileges. (CVE-2010-2642, CVE-2011-0433) Jonathan Brossard discovered that t1lib did not correctly handle ...

CVE-2010-2642 CVE-2011-0433 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554

USN-1333-1: Libav vulnerabilities - 17th January 2012

Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only ...

CVE-2011-3504 CVE-2011-4351 CVE-2011-4352 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579

USN-1332-1: Linux kernel (Maverick backport) vulnerabilities - 12th January 2012

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A ...

CVE-2011-1162 CVE-2011-2203 CVE-2011-4110

USN-1330-1: Linux kernel (OMAP4) vulnerabilities - 12th January 2012

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain ...

CVE-2011-2203 CVE-2011-4077 CVE-2011-4110 CVE-2011-4132 CVE-2011-4330 CVE-2012-0044

USN-1329-1: Linux kernel (OMAP4) vulnerability - 12th January 2012

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.

CVE-2011-3353

USN-1328-1: Linux kernel (Marvell DOVE) vulnerabilities - 12th January 2012

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

CVE-2011-2203 CVE-2011-4110

USN-1326-1: Nova vulnerability - 11th January 2012

Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when Nova is configured to use the OpenStack API, it would not correctly enforce access controls on certain incoming requests. A remote authenticated attacker could exploit this to change resources of arbitrary tenants.

CVE-2012-0030

USN-1324-1: Linux kernel (EC2) vulnerabilities - 11th January 2012

Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110)

CVE-2011-2203 CVE-2011-4110

USN-1325-1: Linux kernel (OMAP4) vulnerabilities - 11th January 2012

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) Han-Wen ...

CVE-2011-1162 CVE-2011-2203 CVE-2011-3353 CVE-2011-3359 CVE-2011-4110

USN-1323-1: Linux kernel vulnerabilities - 11th January 2012

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A ...

CVE-2011-1162 CVE-2011-2203 CVE-2011-3359 CVE-2011-4110

USN-1322-1: Linux kernel vulnerability - 9th January 2012

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.

CVE-2011-4081
