Advisory: Ubuntu Essential and Critical Security Patch Updates - Page 370

Ubuntu: X.org vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges.

LinuxSecurity.com Team
Jan 18, 2008

Ubuntu: boost vulnerabilities

Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions. An attacker could send a specially crafted regular expression to an application linked against boost and cause a denial of service via application crash.

LinuxSecurity.com Team
Jan 16, 2008

Ubuntu: libxml2 vulnerability USN-569-1

Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences. If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption.

LinuxSecurity.com Team
Jan 14, 2008

Ubuntu: PostgreSQL vulnerabilities

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601)

LinuxSecurity.com Team
Jan 14, 2008

Ubuntu: Dovecot vulnerability

It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable.

LinuxSecurity.com Team
Jan 10, 2008

Ubuntu: OpenSSH vulnerability USN-612-2

Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.

LinuxSecurity.com Team
Jan 09, 2008

Ubuntu: CUPS vulnerabilities USN-563-1

Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code.

LinuxSecurity.com Team
Jan 09, 2008

Ubuntu: pwlib vulnerability

Jose Miguel Esparza discovered that pwlib did not correctly handle large string lengths. A remote attacker could send specially crafted packets to applications linked against pwlib (e.g. Ekiga) causing them to crash, leading to a denial of service.

LinuxSecurity.com Team
Jan 09, 2008

Ubuntu: opal vulnerability

Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.

LinuxSecurity.com Team
Jan 09, 2008

Ubuntu: Tomboy vulnerability

Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.

LinuxSecurity.com Team
Jan 07, 2008

Ubuntu: Linux kernel vulnerabilities USN-558-1

The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058) Certain calculations in the hugetlb code were not correct. A local attacker could exploit this to cause a kernel panic, leading to a denial of service.

LinuxSecurity.com Team
Dec 18, 2007

Ubuntu: Samba vulnerability USN-702-1

Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.

LinuxSecurity.com Team
Dec 18, 2007

Ubuntu: Cairo regression

USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. We apologize for the inconvenience.

LinuxSecurity.com Team
Dec 12, 2007

Ubuntu: Cairo regression USN-550-2

Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.

LinuxSecurity.com Team
Dec 10, 2007

Ubuntu: e2fsprogs vulnerability

Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Dec 08, 2007

Ubuntu: Mono vulnerability

It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.

LinuxSecurity.com Team
Dec 04, 2007

Ubuntu: Perl vulnerability

It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.

LinuxSecurity.com Team
Dec 04, 2007

Ubuntu: Cairo vulnerability

LinuxSecurity.com Team
Dec 03, 2007

Ubuntu: PHP vulnerabilities USN-549-1

It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998)

LinuxSecurity.com Team
Nov 29, 2007

Ubuntu: PCRE vulnerabilities

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges.

LinuxSecurity.com Team
Nov 26, 2007

Ubuntu Essential and Critical Security Patch Updates - Page 370

Ubuntu: X.org vulnerabilities

Ubuntu: boost vulnerabilities

Ubuntu: libxml2 vulnerability USN-569-1

Ubuntu: PostgreSQL vulnerabilities

Ubuntu: Dovecot vulnerability

Ubuntu: OpenSSH vulnerability USN-612-2

Ubuntu: CUPS vulnerabilities USN-563-1

Ubuntu: pwlib vulnerability

Ubuntu: opal vulnerability

Ubuntu: Tomboy vulnerability

Ubuntu: Linux kernel vulnerabilities USN-558-1

Ubuntu: Samba vulnerability USN-702-1

Ubuntu: Cairo regression

Ubuntu: Cairo regression USN-550-2

Ubuntu: e2fsprogs vulnerability

Ubuntu: Mono vulnerability

Ubuntu: Perl vulnerability

Ubuntu: Cairo vulnerability

Ubuntu: PHP vulnerabilities USN-549-1

Ubuntu: PCRE vulnerabilities

LinuxSecurity Poll

Do you mostly use Linux for desktops or for servers?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By