Ubuntu Essential and Critical Security Patch Updates - Page 362

Find the information you need for your favorite open source distribution .

Ubuntu 831-1: OpenEXR vulnerabilities

Ubuntu 831-1: OpenEXR vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Drew Yao discovered several flaws in the way OpenEXR handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1720, CVE-2009-1721) [More...]

Ubuntu 830-1: OpenSSL vulnerability

Ubuntu 830-1: OpenSSL vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation. [More...]

Ubuntu 829-1: Qt vulnerability

Ubuntu 829-1: Qt vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that Qt did not properly handle certificates with NULLcharacters in the Subject Alternative Name field of X.509 certificates. Anattacker could exploit this to perform a man in the middle attack to viewsensitive information or alter encrypted communications. (CVE-2009-2700) [More...]

Ubuntu 821-1: Firefox and Xulrunner vulnerabilities

Ubuntu 821-1: Firefox and Xulrunner vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Several flaws were discovered in the Firefox browser and JavaScriptengines. If a user were tricked into viewing a malicious website, a remoteattacker could cause a denial of service or possibly execute arbitrary codewith the privileges of the user invoking the program. (CVE-2009-3070,CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075) [More...]

Ubuntu 828-1: PAM vulnerability

Ubuntu 828-1: PAM vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Russell Senior discovered that the system authentication moduleselection mechanism for PAM did not safely handle an empty selection.If an administrator had specifically removed the default list of modulesor failed to chose a module when operating debconf in a very unlikelynon-default configuration, PAM would allow any authentication attempt, [More...]

Ubuntu 810-2: NSS regression

Ubuntu 810-2: NSS regression

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed thatthe new libraries on amd64 did not correctly set stack memory flags,and caused applications using NSS (e.g. Firefox) to have an executablestack. This reduced the effectiveness of some defensive securityprotections. This update fixes the problem. [More...]

Ubuntu 827-1: Dnsmasq vulnerabilities

Ubuntu 827-1: Dnsmasq vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

IvAin Arce, Pablo HernAin Jorge, Alejandro Pablo Rodriguez, MartA­n Coco, Alberto SoliAto Testa and Pablo Annetta discovered that Dnsmasq did not properly validate its input when processing TFTP requests for files with long names. A remote attacker could cause a denial of service or execute arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by [More...]

Ubuntu 826-1: Mono vulnerabilities

Ubuntu 826-1: Mono vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) [More...]

Ubuntu 825-1: libvorbis vulnerability

Ubuntu 825-1: libvorbis vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-2663) [More...]

Ubuntu 824-1: PHP vulnerability

Ubuntu 824-1: PHP vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. [More...]

Ubuntu 823-1: KDE-Graphics vulnerabilities

Ubuntu 823-1: KDE-Graphics vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 822-1: KDE-Libs vulnerabilities

Ubuntu 822-1: KDE-Libs vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-0945) [More...]

Ubuntu 820-1: Pidgin vulnerability

Ubuntu 820-1: Pidgin vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. [More...]

Ubuntu 809-1: GnuTLS vulnerabilities

Ubuntu 809-1: GnuTLS vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS didnot properly handle certificates with NULL characters in the certificatename. An attacker could exploit this to perform a man in the middle attackto view sensitive information or alter encrypted communications.(CVE-2009-2730) [More...]

Ubuntu 802-2: Apache regression

Ubuntu 802-2: Apache regression

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. [More...]

Ubuntu 819-1: Linux kernel vulnerability

Ubuntu 819-1: Linux kernel vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Tavis Ormandy and Julien Tinnes discovered that Linux did not correctlyinitialize certain socket operation function pointers. A local attackercould exploit this to gain root privileges. By default, Ubuntu 8.04and later with a non-zero /proc/sys/vm/mmap_min_addr setting were notvulnerable. [More...]

Ubuntu 818-1: curl vulnerability

Ubuntu 818-1: curl vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Scott Cantor discovered that Curl did not correctly handle SSLcertificates with zero bytes in the Common Name. A remote attacker couldexploit this to perform a man in the middle attack to view sensitiveinformation or alter encrypted communications. [More...]

Ubuntu 816-1: fetchmail vulnerability

Ubuntu 816-1: fetchmail vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Moxie Marlinspike discovered that fetchmail did not properly handlecertificates with NULL characters in the certificate name. A remoteattacker could exploit this to perform a man in the middle attack toview sensitive information or alter encrypted communications. [More...]

Ubuntu 815-1: libxml2 vulnerabilities

Ubuntu 815-1: libxml2 vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414) [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved