Ubuntu Essential and Critical Security Patch Updates - Page 372

Ubuntu 806-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. (CVE-2008-4864) [More...]

Ubuntu 798-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2469) [More...]

Ubuntu 803-1: dhcp vulnerability

It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the [More...]

Ubuntu 802-1: Apache vulnerabilities

It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1890) [More...]

Ubuntu 801-1: tiff vulnerability

Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 800-1: irssi vulnerability

It was discovered that irssi did not properly check the length of strings when processing WALLOPS messages. If a user connected to an IRC network where an attacker had IRC operator privileges, a remote attacker could cause a denial of service. [More...]

Ubuntu 797-1: tiff vulnerability

It was discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could cause an application linked against libtiff to crash, leading to a denial of service. [More...]

Ubuntu 794-1: Perl vulnerability

It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service. [More...]

Ubuntu 793-1: Linux kernel vulnerabilities

Igor Zhbanov discovered that NFS clients were able to create device nodes even when root_squash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1072) [More...]

Ubuntu 782-1: Thunderbird vulnerabilities

Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1303, CVE-2009-1305, CVE-2009-1392, CVE-2009-1833, [More...]

Ubuntu 792-1: OpenSSL vulnerabilities

It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1377) [More...]

Ubuntu 791-2: Moodle vulnerability

Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009) [More...]

Ubuntu 791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215) [More...]

Ubuntu 790-1: Cyrus SASL vulnerability

James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service. [More...]