Ubuntu Essential and Critical Security Patch Updates - Page 366

Find the information you need for your favorite open source distribution .

Ubuntu 763-1: xine-lib vulnerabilities

Ubuntu 763-1: xine-lib vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2009-1274) [More...]

Ubuntu 761-1: PHP vulnerabilities

Ubuntu 761-1: PHP vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could [More...]

Ubuntu 757-1: Ghostscript vulnerabilities

Ubuntu 757-1: Ghostscript vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2007-6725) [More...]

Ubuntu 755-1: Kerberos vulnerabilities

Ubuntu 755-1: Kerberos vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routinesthat did not correctly handle certain requests. An unauthenticated remoteattacker could send specially crafted traffic to crash services usingthe Kerberos library, leading to a denial of service. [More...]

Ubuntu 750-1: OpenSSL vulnerability

Ubuntu 750-1: OpenSSL vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that OpenSSL did not properly validate the length of anencoded BMPString or UniversalString when printing ASN.1 strings. If a useror automated system were tricked into processing a crafted certificate, anattacker could cause a denial of service via application crash inapplications linked against OpenSSL. [More...]

Ubuntu 749-1: libsndfile vulnerability

Ubuntu 749-1: libsndfile vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 745-1: Firefox and Xulrunner vulnerabilities

Ubuntu 745-1: Firefox and Xulrunner vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that Firefox did not properly perform XUL garbagecollection. If a user were tricked into viewing a malicious website, aremote attacker could cause a denial of service or execute arbitrary codewith the privileges of the user invoking the program. This issue onlyaffected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044) [More...]

Ubuntu 748-1: OpenJDK vulnerabilities

Ubuntu 748-1: OpenJDK vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that font creation could leak temporary files.If a user were tricked into loading a malicious program or applet,a remote attacker could consume disk space, leading to a denial ofservice. (CVE-2006-2426, CVE-2009-1100) [More...]

Ubuntu 747-1: ICU vulnerability

Ubuntu 747-1: ICU vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed. [More...]

Ubuntu 746-1: xine-lib vulnerability

Ubuntu 746-1: xine-lib vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking [More...]

Ubuntu 744-1: LittleCMS vulnerabilities

Ubuntu 744-1: LittleCMS vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. (CVE-2009-0581) [More...]

Ubuntu 743-1: Ghostscript vulnerabilities

Ubuntu 743-1: Ghostscript vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0583) [More...]

Ubuntu 742-1: JasPer vulnerabilities

Ubuntu 742-1: JasPer vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. (CVE-2008-3520) [More...]

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved