Ubuntu Essential and Critical Security Patch Updates - Page 347
Find the information you need for your favorite open source distribution.
It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service.
Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2011-0053, CVE-2011-0062) [More...]
Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-4895)
USN-1080-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for use with EC2.
Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. (CVE-2010-0421) [More...]
It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3698)
Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865) [More...]
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)
Dominik George discovered that logwatch did not properly sanitize log file names that were passed to the shell as part of a command. If a remote attacker were able to generate specially crafted filenames (for example, via Samba logging), they could execute arbitrary code with root privileges. [More...]
USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 10.04.
It was discovered that FUSE would incorrectly follow symlinks when checking mountpoints under certain conditions. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. [More...]
It was discovered that the Microsoft Office processing code in libclamav improperly handled certain Visual Basic for Applications (VBA) data. This could allow a remote attacker to craft a document that could crash clamav or possibly execute arbitrary code. [More...]
Volker Lendecke discovered that Samba incorrectly handled certain file descriptors. A remote attacker could send a specially crafted request to the server and cause Samba to crash or hang, resulting in a denial of service. [More...]
Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-4895)
Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. (CVE-2010-0435) [More...]
Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3086)
It was discovered that Bind incorrectly handled IXFR transfers and dynamic updates while under heavy load when used as an authoritative server. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. [More...]
It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same [More...]