Ubuntu Essential and Critical Security Patch Updates - Page 365

Find the information you need for your favorite open source distribution .

Ubuntu 781-2: Gaim vulnerabilities

Ubuntu 781-2: Gaim vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) [More...]

Ubuntu 778-1: cron vulnerability

Ubuntu 778-1: cron vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that cron did not properly check the return code ofthe setgid() and initgroups() system calls. A local attacker could usethis to escalate group privileges. Please note that cron versions 3.0pl1-64and later were already patched to address the more serious setuid() checkreferred to by CVE-2006-2607. [More...]

Ubuntu 777-1: Ntp vulnerabilities

Ubuntu 777-1: Ntp vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A stack-based buffer overflow was discovered in ntpq. If a user weretricked into connecting to a malicious ntp server, a remote attacker couldcause a denial of service in ntpq, or possibly execute arbitrary code withthe privileges of the user invoking the program. (CVE-2009-0159) [More...]

Ubuntu 776-2: KVM regression

Ubuntu 776-2: KVM regression

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. [More...]

Ubuntu 775-1: Quagga vulnerability

Ubuntu 775-1: Quagga vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the BGP service in Quagga did not correctlyhandle certain AS paths containing 4-byte ASNs. An authenticated remoteattacker could exploit this flaw to cause bgpd to abort, leading to adenial of service. [More...]

Ubuntu 776-1: KVM vulnerabilities

Ubuntu 776-1: KVM vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Avi Kivity discovered that KVM did not correctly handle certain diskformats. A local attacker could attach a malicious partition thatwould allow the guest VM to read files on the VM host. (CVE-2008-1945,CVE-2008-2004) [More...]

Ubuntu 774-1: MoinMoin vulnerability

Ubuntu 774-1: MoinMoin vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, [More...]

Ubuntu 772-1: MPFR vulnerability

Ubuntu 772-1: MPFR vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that MPFR improperly handled string lengths in its print routines. If a user or automated system were tricked into processing specially crafted data with applications linked against MPFR, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]

Ubuntu 773-1: Pango vulnerability

Ubuntu 773-1: Pango vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]

Ubuntu 771-1: libmodplug vulnerabilities

Ubuntu 771-1: libmodplug vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that libmodplug did not correctly handle certain parameters when parsing MED media files. If a user or automated system were tricked into opening a crafted MED file, an attacker could execute arbitrary code with privileges of the user invoking the program. (CVE-2009-1438) [More...]

Ubuntu 770-1: ClamAV vulnerability

Ubuntu 770-1: ClamAV vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A flaw was discovered in the clamav-milter initscript which caused theownership of the current working directory to be changed to the 'clamav'user. This update attempts to repair the incorrect ownership for standardsystem directories, but it is recommended that the following command beperformed to report any other directories that may be affected: [More...]

Ubuntu 769-1: libwmf vulnerability

Ubuntu 769-1: libwmf vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]

Ubuntu 765-1: Firefox and Xulrunner vulnerabilities

Ubuntu 765-1: Firefox and Xulrunner vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the upstream security fixes in USN-764-1 introduceda regression which could cause the browser to crash. If a user were trickedinto viewing a malicious website, a remote attacker could cause a denial ofservice or possibly execute arbitrary code with the privileges of the userinvoking the program. [More...]

Ubuntu 767-1: FreeType vulnerability

Ubuntu 767-1: FreeType vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges. [More...]

Ubuntu 764-1: Firefox and Xulrunner vulnerabilities

Ubuntu 764-1: Firefox and Xulrunner vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Several flaws were discovered in the browser engine. If a user were trickedinto viewing a malicious website, a remote attacker could cause a denial ofservice or possibly execute arbitrary code with the privileges of the userinvoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304,CVE-2009-1305) [More...]

Ubuntu 762-1: APT vulnerabilities

Ubuntu 762-1: APT vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Alexandre Martani discovered that the APT daily cron script did not checkthe return code of the date command. If a machine is configured forautomatic updates and is in a time zone where DST occurs at midnight, undercertain circumstances automatic updates might not be applied and couldbecome permanently disabled. (CVE-2009-1300) [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved