Ubuntu Essential and Critical Security Patch Updates - Page 361

Find the information you need for your favorite open source distribution .

Ubuntu 850-1: poppler vulnerabilities

Ubuntu 850-1: poppler vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]

Ubuntu 849-1: libsndfile vulnerabilities

Ubuntu 849-1: libsndfile vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Tobias Klein discovered a heap-based buffer overflow in libsndfile. If auser or automated system processed a crafted VOC file, an attacker couldcause a denial of service via application crash, or possibly executearbitrary code with the privileges of the user invoking the program.(CVE-2009-1788) [More...]

Ubuntu 848-1: Zope vulnerabilities

Ubuntu 848-1: Zope vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the Zope Object Database (ZODB) database server (ZEO) improperly filtered certain commands when a database is shared among multiple applications or application instances. A remote attacker could send malicious commands to the server and execute arbitrary code. (CVE-2009-0668) [More...]

Ubuntu 847-1: Devscripts vulnerability

Ubuntu 847-1: Devscripts vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Raphael Geissert discovered that uscan, a part of devscripts, did notproperly sanitize its input when processing pathnames. If uscan processed acrafted filename for a file on a remote server, an attacker could executearbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 846-1: ICU vulnerability

Ubuntu 846-1: ICU vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that ICU did not properly handle invalid byte sequencesduring Unicode conversion. If an application using ICU processed crafteddata, content security mechanisms could be bypassed, potentially leading tocross-site scripting (XSS) attacks. [More...]

Ubuntu 845-1: Pan vulnerability

Ubuntu 845-1: Pan vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Pavel Polischouk discovered that Pan incorrectly handled certain data structures. If a user were tricked into viewing malicious nntp data, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 843-1: BackupPC vulnerability

Ubuntu 843-1: BackupPC vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter. [More...]

Ubuntu 842-1: Wget vulnerability

Ubuntu 842-1: Wget vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. [More...]

Ubuntu 841-1: GLib vulnerability

Ubuntu 841-1: GLib vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Arand Nash discovered that applications linked to GLib (e.g. Nautilus)did not correctly copy symlinks. If a user copied symlinks with GLib,the symlink target files would become world-writable, allowing localattackers to gain access to potentially sensitive information. [More...]

Ubuntu 839-1: Samba vulnerabilities

Ubuntu 839-1: Samba vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. (CVE-2009-2813) [More...]

Ubuntu 838-1: Dovecot vulnerabilities

Ubuntu 838-1: Dovecot vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the indended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) [More...]

Ubuntu 837-1: Newt vulnerability

Ubuntu 837-1: Newt vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Miroslav Lichvar discovered that Newt incorrectly handled rendering in a text box. An attacker could exploit this and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 836-1: WebKit vulnerabilities

Ubuntu 836-1: WebKit vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) [More...]

Ubuntu 835-1: neon vulnerabilities

Ubuntu 835-1: neon vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Joe Orton discovered that neon did not correctly handle SSL certificateswith zero bytes in the Common Name. A remote attacker could exploit thisto perform a man in the middle attack to view sensitive information oralter encrypted communications. [More...]

Ubuntu 834-1: PostgreSQL vulnerabilities

Ubuntu 834-1: PostgreSQL vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that PostgreSQL could be made to unload and reload analready loaded module by using the LOAD command. A remote authenticatedattacker could exploit this to cause a denial of service. This issue didnot affect Ubuntu 6.06 LTS. (CVE-2009-3229) [More...]

Ubuntu 833-1: KDE-Libs vulnerability

Ubuntu 833-1: KDE-Libs vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that KDE did not properly handle certificates with NULLcharacters in the Subject Alternative Name field of X.509 certificates. Anattacker could exploit this to perform a man in the middle attack to viewsensitive information or alter encrypted communications. [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved