Ubuntu Essential and Critical Security Patch Updates - Page 373

Find the information you need for your favorite open source distribution.

Ubuntu 789-1: GStreamer Good Plugins vulnerability

Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 788-1: Tomcat vulnerabilities

Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515) [More...]

Ubuntu 779-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838) [More...]

Ubuntu 787-1: Apache vulnerabilities

Matthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-0023) [More...]

Ubuntu 786-1: apr-util vulnerabilities

Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. Applications using libapreq2 are also affected. (CVE-2009-0023) [More...]

Ubuntu 784-1: ImageMagick vulnerability

It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]

Ubuntu 783-1: eCryptfs vulnerability

Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk, potentially leading to a loss of privacy. [More...]

Ubuntu 781-1: Pidgin vulnerabilities

It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) [More...]

Ubuntu 781-2: Gaim vulnerabilities

It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) [More...]

Ubuntu 778-1: cron vulnerability

It was discovered that cron did not properly check the return code of the setgid() and initgroups() system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid() check referred to by CVE-2006-2607. [More...]

Ubuntu 777-1: Ntp vulnerabilities

A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0159) [More...]

Ubuntu 776-2: KVM regression

USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. [More...]

Ubuntu 775-1: Quagga vulnerability

It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. An authenticated remote attacker could exploit this flaw to cause bgpd to abort, leading to a denial of service. [More...]

Ubuntu 776-1: KVM vulnerabilities

Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004) [More...]

Ubuntu 774-1: MoinMoin vulnerability

It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, [More...]

Ubuntu 772-1: MPFR vulnerability

It was discovered that MPFR improperly handled string lengths in its print routines. If a user or automated system were tricked into processing specially crafted data with applications linked against MPFR, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]

Ubuntu 773-1: Pango vulnerability

Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]