Ubuntu Essential and Critical Security Patch Updates - Page 383
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user's unencrypted password being sent across the network.If fetchmail has been configured to use the "sslproto tls1", "sslcertck", or "sslfingerprint" options with a server that does not correctly support TLS negotiation, this update may cause fetchmail to (correctly) abort authentication.
Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges.
The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges.
A flaw was discovered in Avahi's handling of compressed DNS packets. If a specially crafted reply were received over the network, the Avahi daemon would go into an infinite loop, causing a denial of service.
Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. (CVE-2006-6506) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503)
USN-398-1 fixed vulnerabilities in Firefox. Due to the updated version, a flaw was uncovered in the Firefox Themes bundle, which erroneously reported to be incompatible with the updated Firefox. This update fixes the problem. We apologize for the inconvenience.
USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503)
A format string vulnerability was discovered in w3m. If a user were tricked into visiting an HTTPS URL protected by a specially crafted SSL certificate, an attacker could execute arbitrary code with user privileges.
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG.
Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.
A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure.
USN-380-1 fixed a vulnerability in Avahi. However, if used with Network manager, that version occasionally failed to resolve .local DNS names until Avahi got restarted. This update fixes the problem. We apologize for the inconvenience.
The following CVEIDs are covered by this advisory: CVE-2006-4572, CVE-2006-4813, CVE-2006-4997, CVE-2006-5158, CVE-2006-5173, CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5701, CVE-2006-5751
An error was found in Ruby's CGI library that did not correctly quote the boundary of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.
USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update provides the corresponding updates for gnupg2.
Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges.
USN-390-2 fixed vulnerabilities in evince. This update provides the corresponding update for evince-gtk.
USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations.
A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.