Advisory: Ubuntu Essential and Critical Security Patch Updates - Page 383

Ubuntu: Samba vulnerability USN-702-1

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.

LinuxSecurity.com Team
Dec 18, 2007

Ubuntu: Cairo regression

USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. We apologize for the inconvenience.

LinuxSecurity.com Team
Dec 12, 2007

Ubuntu: Cairo regression USN-550-2

Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.

LinuxSecurity.com Team
Dec 10, 2007

Ubuntu: e2fsprogs vulnerability

Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Dec 08, 2007

Ubuntu: Mono vulnerability

It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.

LinuxSecurity.com Team
Dec 04, 2007

Ubuntu: Perl vulnerability

It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.

LinuxSecurity.com Team
Dec 04, 2007

Ubuntu: Cairo vulnerability

LinuxSecurity.com Team
Dec 03, 2007

Ubuntu: PHP vulnerabilities USN-549-1

It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998)

LinuxSecurity.com Team
Nov 29, 2007

Ubuntu: PCRE vulnerabilities

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges.

LinuxSecurity.com Team
Nov 26, 2007

Ubuntu: Firefox vulnerabilities USN-546-1

It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. (CVE-2007-5947)

LinuxSecurity.com Team
Nov 26, 2007

Ubuntu: link-grammar vulnerability

Alin Rad Pop discovered that AbiWord's Link Grammar parser did not correctly handle overly-long words. If a user were tricked into opening a specially crafted document, AbiWord, or other applications using Link Grammar, could be made to crash.

LinuxSecurity.com Team
Nov 26, 2007

Ubuntu: VMWare vulnerabilities

Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges.

LinuxSecurity.com Team
Nov 15, 2007

Ubuntu: poppler vulnerabilities

Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.

LinuxSecurity.com Team
Nov 14, 2007

Ubuntu: Emacs vulnerability

Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.

LinuxSecurity.com Team
Nov 13, 2007

Ubuntu: flac vulnerability

Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac.

LinuxSecurity.com Team
Nov 13, 2007

Ubuntu: CUPS vulnerability USN-539-1

Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.

LinuxSecurity.com Team
Nov 06, 2007

Ubuntu: Compiz vulnerability

USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz. Original advisory details: Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.

LinuxSecurity.com Team
Nov 02, 2007

Ubuntu: libpng vulnerabilities

It was discovered that libpng did not properly perform bounds checking and comparisons in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng.

LinuxSecurity.com Team
Oct 25, 2007

Ubuntu: gnome-screensaver vulnerability

Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.

LinuxSecurity.com Team
Oct 23, 2007

Ubuntu: Thunderbird vulnerabilities USN-536-1

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-5339,

LinuxSecurity.com Team
Oct 23, 2007

Ubuntu Essential and Critical Security Patch Updates - Page 383

Ubuntu: Samba vulnerability USN-702-1

Ubuntu: Cairo regression

Ubuntu: Cairo regression USN-550-2

Ubuntu: e2fsprogs vulnerability

Ubuntu: Mono vulnerability

Ubuntu: Perl vulnerability

Ubuntu: Cairo vulnerability

Ubuntu: PHP vulnerabilities USN-549-1

Ubuntu: PCRE vulnerabilities

Ubuntu: Firefox vulnerabilities USN-546-1

Ubuntu: link-grammar vulnerability

Ubuntu: VMWare vulnerabilities

Ubuntu: poppler vulnerabilities

Ubuntu: Emacs vulnerability

Ubuntu: flac vulnerability

Ubuntu: CUPS vulnerability USN-539-1

Ubuntu: Compiz vulnerability

Ubuntu: libpng vulnerabilities

Ubuntu: gnome-screensaver vulnerability

Ubuntu: Thunderbird vulnerabilities USN-536-1

LinuxSecurity Poll

Which open source security automation tool do you use to protect against vulnerabilities?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By