Ubuntu Essential and Critical Security Patch Updates - Page 359

Find the information you need for your favorite open source distribution.

Ubuntu 886-1: Pidgin vulnerabilities

It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703) [More...]

Ubuntu 885-1: Transmission vulnerabilities

It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. (CVE-2009-1757) [More...]

Ubuntu 884-1: OpenSSL vulnerability

It was discovered that OpenSSL did not correctly free unused memory in certain situations. A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service. [More...]

Ubuntu 882-1: PHP vulnerabilities

Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626) [More...]

Ubuntu 883-1: network-manager-applet vulnerabilities

It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. (CVE-2009-4144) [More...]

Ubuntu 881-1: Kerberos vulnerability

It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges. [More...]

Ubuntu 880-1: GIMP vulnerabilities

Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-1570) [More...]

Ubuntu 879-1: Kerberos vulnerability

Jeff Blaine, Radoslav Bodo, Jakob Haufe, and Jorgen Wahlsten discovered that the Kerberos Key Distribution Center service did not correctly verify certain network traffic. An unauthenticated remote attacker could send a specially crafted request that would cause the KDC to crash, leading to a denial of service. [More...]

Ubuntu 874-1: Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 873-1: Firefox 3.0 and Xulrunner 1.9 vulnerabilities

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 872-1: KDE 4 Runtime vulnerabilities

It was discovered that the KIO subsystem of KDE did not properly perform input validation when processing help:// URIs. If a user or KIO application processed a crafted help:// URI, an attacker could trigger JavaScript execution or access files via directory traversal. [More...]

Ubuntu 871-1: KDE vulnerability

A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service (via application crash) or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689) [More...]

Ubuntu 870-1: PyGreSQL vulnerability

Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a database connection, to maintain [More...]

Ubuntu 869-1: Linux kernel vulnerabilities

David Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. (The fix was included in the earlier kernels from USN-864-1.) (CVE-2009-1298) [More...]