Ubuntu Essential and Critical Security Patch Updates - Page 349
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu. [More...]
USN-1045-1 fixed vulnerabilities in FUSE. This update to util-linux adds support for new options required by the FUSE update.
It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. [More...]
Remi Denis-Courmont discovered that D-Bus did not properly validate the number of nested variants when validating D-Bus messages. A local attacker could exploit this to cause a denial of service.
USN-1042-1 fixed vulnerabilities in PHP5. The fix for CVE-2010-3436introduced a regression in the open_basedir restriction handling code.This update fixes the problem.
It was discovered that a NULL pointer dereference in the code forhandling transformations of monochrome profiles could allow an attackerto cause a denial of service through a specially crafted image.(CVE-2009-0793) [More...]
USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watsondiscovered that the fixes were incomplete and introduced flaws withsetuid programs loading libraries that used dynamic string tokens in theirRPATH. If the "man" program was installed setuid, a local attacker couldexploit this to gain "man" user privileges, potentially leading to further [More...]
It was discovered that an integer overflow in the XML UTF-8 decodingcode could allow an attacker to bypass cross-site scripting (XSS)protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,and Ubuntu 9.10. (CVE-2009-5016) [More...]
Dan Rosenberg discovered that the btrfs filesystem did not correctlyvalidate permissions when using the clone function. A local attacker couldoverwrite the contents of file handles that were opened for append-only,or potentially read arbitrary contents, leading to a loss of privacy. OnlyUbuntu 9.10 was affected. (CVE-2010-2537, CVE-2010-2538) [More...]
It was discovered that if AppArmor was misconfigured, under certain circumstances the parser could generate policy using an unconfined fallback execute transition when one was not specified.
Adam Baldwin discovered that Django did not properly validate query string lookups. This could be exploited to provide an information leak to an attacker with admin privilieges. (CVE-2010-4534)
Under certain circumstances, the DHCP client could start before its AppArmor profile was loaded and therefore run unconfined. This update ensures the AppArmor profile is loaded before DHCP client starts. [More...]
Under certain circumstances, CUPS could start before its AppArmor profile was loaded and therefore run unconfined. This update ensures the AppArmor profile is loaded before CUPS starts.
Jakub Wilk and Raphaël Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial [More...]
Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privileges. [More...]
It was discovered that Eucalyptus did not verify password resets fromthe Admin UI correctly. An unauthenticated remote attacker could issuepassword reset requests to gain admin privileges in the Eucalyptusenvironment. [More...]
USN-1024-1 fixed vulnerabilities in OpenJDK. Some of the additionalbackported improvements could interfere with the compilation of certainJava software. This update fixes the problem.
Sergey Kononenko and Eugene Bujak discovered that Exim did not correctlytruncate string expansions. A remote attacker could send specially craftedemail traffic to run arbitrary code as the Exim user, which could alsolead to root privileges. [More...]
Arkadiusz Miskiewicz and others discovered that the PDF processingcode in libclamav improperly validated input. This could allow aremote attacker to craft a PDF document that could crash clamav orpossibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) [More...]
Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash THunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778) [More...]