Ubuntu Essential and Critical Security Patch Updates - Page 349

Find the information you need for your favorite open source distribution.

Ubuntu 1046-1: Sudo vulnerability

Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu. [More...]

Ubuntu 1045-1: FUSE vulnerability

It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. [More...]

Ubuntu 1009-2: GNU C Library vulnerability

USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the "man" program was installed setuid, a local attacker could exploit this to gain "man" user privileges, potentially leading to further [More...]

Ubuntu 1042-1: PHP vulnerabilities

It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2009-5016) [More...]

Ubuntu 1041-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that the btrfs filesystem did not correctly validate permissions when using the clone function. A local attacker could overwrite the contents of file handles that were opened for append-only, or potentially read arbitrary contents, leading to a loss of privacy. Only Ubuntu 9.10 was affected. (CVE-2010-2537, CVE-2010-2538) [More...]

Ubuntu 1037-1: ifupdown update

Under certain circumstances, the DHCP client could start before its AppArmor profile was loaded and therefore run unconfined. This update ensures the AppArmor profile is loaded before the DHCP client starts. [More...]

Ubuntu 1038-1: dpkg vulnerability

Jakub Wilk and Raphaël Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial [More...]

Ubuntu 1035-1: Evince vulnerabilities

Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privileges. [More...]

Ubuntu 1032-1: Exim vulnerability

Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges. [More...]

Ubuntu 1031-1: ClamAV vulnerabilities

Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) [More...]

Ubuntu 1020-1: Thunderbird vulnerabilities

Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778) [More...]