About Ubuntu

=========================================================== Ubuntu Security Notice USN-672-1 November 17, 2008 clamav vulnerability CVE-2008-5050 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libclamav5 0.94.dfsg.1-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service.

=========================================================== Ubuntu Security Notice USN-667-1 November 17, 2008 firefox, firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 Ubuntu 7.10: firefox 2.0.0.18+nobinonly-0ubuntu0.7.10 Ubuntu 8.04 LTS: firefox-3.0 3.0.4+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.4+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: abrowser 3.0.4+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.4+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.4+nobinonly-0ubuntu0.8.10.1 After a standard system upgrade you need to restart Firefox and any application that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache. (CVE-2008-4582) Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. This issue only affects Firefox 2. (CVE-2008-5012) It was discovered that Firefox did not properly check if the Flash module was properly unloaded. By tricking a user into opening a crafted SWF file, an attacker could cause Firefox to crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5013) Jesse Ruderman discovered that Firefox did not properly guard locks on non-native objects. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5014) Luke Bryan discovered that Firefox sometimes opened file URIs with chrome privileges. If a user saved malicious code locally, then opened the file in the same tab as a privileged document, an attacker could run arbitrary JavaScript code with chrome privileges. This issue only affects Firefox 3.0. (CVE-2008-5015) Several problems were discovered in the browser, layout and JavaScript engines. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5016, CVE-2008-5017, CVE-2008-5018) David Bloom discovered that the same-origin check in Firefox could be bypassed by utilizing the session restore feature. An attacker could exploit this to run JavaScript in the context of another site or execute arbitrary JavaScript code with chrome privileges. (CVE-2008-5019) Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a user were tricked into opening a malicious website, an attacker could send a crafted header in the HTTP index response, causing a browser crash and execute arbitrary code with user privileges. (CVE-2008-0017) A flaw was discovered in Firefox's DOM constructing code. If a user were tricked into opening a malicious website, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. (CVE-2008-5021) It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could execute JavaScript in the context of a different website. (CVE-2008-5022) Collin Jackson discovered various flaws in Firefox when processing stylesheets which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker could execute arbitrary code with the privileges of the signed JAR or of a different website. (CVE-2008-5023) Chris Evans discovered that Firefox did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. (CVE-2008-5024)

=========================================================== Ubuntu Security Notice USN-671-1 November 17, 2008 mysql-dfsg-5.0 vulnerabilities CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mysql-server-5.0 5.0.22-0ubuntu6.06.11 Ubuntu 7.10: mysql-server-5.0 5.0.45-1ubuntu3.4 Ubuntu 8.04 LTS: mysql-server-5.0 5.0.51a-3ubuntu5.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098) It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. (CVE-2008-3963)

=========================================================== Ubuntu Security Notice USN-670-1 November 13, 2008 vm-builder vulnerability https://bugs.launchpad.net/+bug/296841 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: passwd 1:4.0.13-7ubuntu3.3 Ubuntu 7.10: passwd 1:4.0.18.1-9ubuntu0.1 Ubuntu 8.04 LTS: passwd 1:4.0.18.2-1ubuntu2.1 Ubuntu 8.10: passwd 1:4.1.1-1ubuntu1.1 python-vm-builder 0.9-0ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password. This vulnerability only affects virtual machines created with vm-builder under Ubuntu 8.10, and does not affect native Ubuntu installations. An update was made to the shadow package to detect vulnerable systems and disable password authentication for the root account. Vulnerable virtual machines which an attacker has access to should be considered compromised, and appropriate actions taken to secure the machine.

=========================================================== Ubuntu Security Notice USN-669-1 November 11, 2008 gnome-screensaver vulnerabilities CVE-2007-6389, CVE-2008-0887 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gnome-screensaver 2.14.3-0ubuntu1.1 Ubuntu 7.10: gnome-screensaver 2.20.0-0ubuntu4.3 After a standard system upgrade you need to restart all user sessions on your computer to effect the necessary changes. Details follow: It was discovered that the notify feature in gnome-screensaver could let a local attacker read the clipboard contents of a locked session by using Ctrl-V. (CVE-2007-6389) Alan Matsuoka discovered that gnome-screensaver did not properly handle network outages when using a remote authentication service. During a network interruption, or by disconnecting the network cable, a local attacker could gain access to locked sessions. (CVE-2008-0887)

=========================================================== Ubuntu Security Notice USN-666-1 November 07, 2008 dovecot vulnerability CVE-2008-4907 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: dovecot-imapd 1:1.1.4-0ubuntu1.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that certain email headers were not correctly handled by Dovecot. If a remote attacker sent a specially crafted email to a user with a mailbox managed by Dovecot, that user's mailbox would become inaccessible through Dovecot, leading to a denial of service.

=========================================================== Ubuntu Security Notice USN-662-2 November 06, 2008 linux-ubuntu-modules-2.6.22/24 vulnerability CVE-2008-4395 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: linux-ubuntu-modules-2.6.22-15-386 2.6.22-15.40 linux-ubuntu-modules-2.6.22-15-generic 2.6.22-15.40 linux-ubuntu-modules-2.6.22-15-rt 2.6.22-15.40 linux-ubuntu-modules-2.6.22-15-server 2.6.22-15.40 Ubuntu 8.04 LTS: linux-ubuntu-modules-2.6.24-21-386 2.6.24-21.33 linux-ubuntu-modules-2.6.24-21-generic 2.6.24-21.33 linux-ubuntu-modules-2.6.24-21-rt 2.6.24-21.33 linux-ubuntu-modules-2.6.24-21-server 2.6.24-21.33 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: USN-662-1 fixed vulnerabilities in ndiswrapper in Ubuntu 8.10. This update provides the corresponding updates for Ubuntu 8.04 and 7.10. Original advisory details: Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. For a system using ndiswrapper, a physically near-by attacker could generate specially crafted wireless network traffic and execute arbitrary code with root privileges. (CVE-2008-4395)

=========================================================== Ubuntu Security Notice USN-665-1 November 06, 2008 netpbm-free vulnerability CVE-2008-0554 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: netpbm 2:10.0-10ubuntu1.1 Ubuntu 7.10: netpbm 2:10.0-11ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Netpbm could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.

=========================================================== Ubuntu Security Notice USN-664-1 November 06, 2008 tk8.0, tk8.3, tk8.4 vulnerability CVE-2008-0553 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tk8.0 8.0.5-11ubuntu0.1 tk8.3 8.3.5-4ubuntu1.2 tk8.4 8.4.12-0ubuntu1.2 Ubuntu 7.10: tk8.3 8.3.5-6ubuntu3.1 tk8.4 8.4.15-1ubuntu1.1 Ubuntu 8.04 LTS: tk8.4 8.4.16-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.

=========================================================== Ubuntu Security Notice USN-663-1 November 05, 2008 system-tools-backends regression https://launchpad.net/bugs/287134 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: system-tools-backends 2.6.0-1ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that passwords changed (or new users created) via the "Users and Groups" tool were created with 3DES hashing. This reduced the security of stored user passwords, and was a regression from the correct MD5 hashing. This update fixes the problem; future password changes will correct the hashing used. We apologize for the inconvenience.