Advisory: Ubuntu Essential and Critical Security Patch Updates - Page 369

Ubuntu 706-1: Bind vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that Bind did not properly perform certificate verification.When DNSSEC with DSA certificates are in use, a remote attacker could exploitthis to bypass certificate validation to spoof DNS entries and poison DNScaches. Among other things, this could lead to misdirected email and webtraffic. [More...]

LinuxSecurity.com Team
Jan 09, 2009

Ubuntu 705-1: NTP vulnerability

It was discovered that NTP did not properly perform signature verification.A remote attacker could exploit this to bypass certificate validation viaa malformed SSL/TLS signature.

LinuxSecurity.com Team
Jan 08, 2009

Ubuntu 704-1: OpenSSL vulnerability

It was discovered that OpenSSL did not properly perform signature verificationon DSA and ECDSA keys. If user or automated system connected to a maliciousserver or a remote attacker were able to perform a man-in-the-middle attack,this flaw could be exploited to view sensitive information. [More...]

LinuxSecurity.com Team
Jan 07, 2009

Ubuntu: Samba vulnerability

Gunter Höckel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.

LinuxSecurity.com Team
Jan 05, 2009

Ubuntu: OpenOffice.org Internationalization update

USN-677-1 fixed vulnerabilities in OpenOffice.org. The changes required that openoffice.org-l10n also be updated for the new version in Ubuntu 8.04 LTS. Original advisory details: Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2008-2237, CVE-2008-2238)

LinuxSecurity.com Team
Dec 23, 2008

Ubuntu: Nagios vulnerabilities

It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. (CVE-2008-5028)

LinuxSecurity.com Team
Dec 23, 2008

Ubuntu: Blender vulnerabilities

It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1102)

LinuxSecurity.com Team
Dec 22, 2008

Ubuntu: Nagios3 vulnerabilities

LinuxSecurity.com Team
Dec 22, 2008

Ubuntu: Imlib2 vulnerability

It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Dec 22, 2008

Ubuntu: Nagios vulnerability

It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

LinuxSecurity.com Team
Dec 22, 2008

Ubuntu: Firefox vulnerabilities USN-690-2

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges.

LinuxSecurity.com Team
Dec 17, 2008

Ubuntu: Firefox vulnerabilities USN-690-3

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500)

LinuxSecurity.com Team
Dec 17, 2008

Ubuntu: Ruby vulnerability

Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443)

LinuxSecurity.com Team
Dec 16, 2008

Ubuntu: nfs-utils vulnerability

It was discovered that nfs-utils did not properly enforce netgroup restrictions when using TCP Wrappers. Remote attackers could bypass the netgroup restrictions enabled by the administrator and possibly gain access to sensitive information.

LinuxSecurity.com Team
Dec 04, 2008

Ubuntu: Imlib2 vulnerability USN-683-1

It was discovered that Imlib2 did not correctly handle certain malformed XPM images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Dec 02, 2008

Ubuntu: libvorbis vulnerabilities

It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Dec 01, 2008

Ubuntu: Samba vulnerability USN-680-1

It was discovered that Samba did not properly perform bounds checking in certain operations. A remote attacker could possibly exploit this to read arbitrary memory contents of the smb process, which could contain sensitive infomation or possibly have other impacts, such as a denial of service.

LinuxSecurity.com Team
Nov 27, 2008

Ubuntu: Gaim vulnerability

It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927)

LinuxSecurity.com Team
Nov 24, 2008

Ubuntu: WebKit vulnerability

It was discovered that WebKit did not properly handle Cascading Style Sheets (CSS) import statements. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges.

LinuxSecurity.com Team
Nov 24, 2008

Ubuntu: Pidgin vulnerabilities

It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927)

LinuxSecurity.com Team
Nov 24, 2008

Ubuntu Essential and Critical Security Patch Updates - Page 369

Ubuntu 706-1: Bind vulnerability

Ubuntu 705-1: NTP vulnerability

Ubuntu 704-1: OpenSSL vulnerability

Ubuntu: Samba vulnerability

Ubuntu: OpenOffice.org Internationalization update

Ubuntu: Nagios vulnerabilities

Ubuntu: Blender vulnerabilities

Ubuntu: Nagios3 vulnerabilities

Ubuntu: Imlib2 vulnerability

Ubuntu: Nagios vulnerability

Ubuntu: Firefox vulnerabilities USN-690-2

Ubuntu: Firefox vulnerabilities USN-690-3

Ubuntu: Ruby vulnerability

Ubuntu: nfs-utils vulnerability

Ubuntu: Imlib2 vulnerability USN-683-1

Ubuntu: libvorbis vulnerabilities

Ubuntu: Samba vulnerability USN-680-1

Ubuntu: Gaim vulnerability

Ubuntu: WebKit vulnerability

Ubuntu: Pidgin vulnerabilities

LinuxSecurity Poll

Which open source security automation tool do you use to protect against vulnerabilities?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By