Ubuntu Essential and Critical Security Patch Updates - Page 358
Find the information you need for your favorite open source distribution .
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++.
Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) [More...]
It was discovered that Squid incorrectly handled certain auth headers. A remote attacker could exploit this with a specially-crafted auth header and cause Squid to go into an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 8.10, 9.04 and 9.10. (CVE-2009-2855) [More...]
Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. (CVE-2009-4124) [More...]
It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted. [More...]
It was discovered that gnome-screensaver did not correctly handle monitor hotplugging. An attacker with physical access could cause gnome-screensaver to crash and gain access to the locked session.
It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This [More...]
Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges. (CVE-2009-4020, CVE-2009-4308) [More...]
Ronald Volgers discovered that FUSE did not correctly check mount locations. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation. [More...]
It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges. [More...]
USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 [More...]
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML.
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4.
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5.
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) [More...]
It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. (CVE-2010-0097) [More...]
It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2624) [More...]
Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges.