Ubuntu Essential and Critical Security Patch Updates - Page 371
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601)
It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable.
Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.
Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code.
Jose Miguel Esparza discovered that pwlib did not correctly handle large string lengths. A remote attacker could send specially crafted packets to applications linked against pwlib (e.g. Ekiga) causing them to crash, leading to a denial of service.
Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.
Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058) Certain calculations in the hugetlb code were not correct. A local attacker could exploit this to cause a kernel panic, leading to a denial of service.
Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.
USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. We apologize for the inconvenience.
Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.
It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.
It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.
Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998)
Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges.
It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. (CVE-2007-5947)
Alin Rad Pop discovered that AbiWord's Link Grammar parser did not correctly handle overly-long words. If a user were tricked into opening a specially crafted document, AbiWord, or other applications using Link Grammar, could be made to crash.
Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges.