Advisory: Ubuntu Essential and Critical Security Patch Updates - Page 373

Ubuntu: vim vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Ulf Harnhammar discovered that vim does not properly sanitise the "helptags_one()" function when running the "helptags" command. By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Aug 28, 2007

Ubuntu: Emacs vulnerability USN-504-1

Hendrik Tews discovered that emacs21 did not correctly handle certain GIF images. By tricking a user into opening a specially crafted GIF, a remote attacker could cause emacs21 to crash, resulting in a denial of service.

LinuxSecurity.com Team
Aug 28, 2007

Ubuntu: tar vulnerability

Dmitry V. Levin discovered that tar did not correctly detect the ".." file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.

LinuxSecurity.com Team
Aug 28, 2007

Ubuntu: KDE vulnerabilities

It was discovered that Konqueror could be tricked into displaying incorrect URLs. Remote attackers could exploit this to increase their chances of tricking a user into visiting a phishing URL, which could lead to credential theft.

LinuxSecurity.com Team
Aug 27, 2007

Ubuntu: Thunderbird vulnerabilities USN-503-1

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.

LinuxSecurity.com Team
Aug 27, 2007

Ubuntu: jasper vulnerability

It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.

LinuxSecurity.com Team
Aug 21, 2007

Ubuntu: rsync vulnerability USN-500-1

Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to arbitrary code execution.

LinuxSecurity.com Team
Aug 20, 2007

Ubuntu: Apache vulnerabilities USN-499-1

Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu.

LinuxSecurity.com Team
Aug 20, 2007

Ubuntu: libvorbis vulnerabilities USN-498-1

David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Aug 16, 2007

Ubuntu: xfce4-terminal vulnerability

Lasse K

LinuxSecurity.com Team
Aug 13, 2007

Ubuntu: Qt vulnerability USN-579-1

Several format string vulnerabilities have been discovered in Qt warning messages. By causing an application to process specially crafted input data which triggered Qt warnings, this could be exploited to execute arbitrary code with the privilege of the user running the application.

LinuxSecurity.com Team
Aug 03, 2007

Ubuntu: KOffice vulnerability USN-496-1

Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user's privileges.

LinuxSecurity.com Team
Aug 03, 2007

Ubuntu: Gimp vulnerability

Sean Larsson discovered multiple integer overflows in Gimp. By tricking a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM, or XWD image, a remote attacker could exploit this to execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Aug 02, 2007

Ubuntu: Firefox vulnerabilities USN-493-1

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges.

LinuxSecurity.com Team
Jul 31, 2007

Ubuntu: tcpdump vulnerability

A flaw was discovered in the BGP dissector of tcpdump. Remote attackers could send specially crafted packets and execute arbitrary code with user privileges.

LinuxSecurity.com Team
Jul 30, 2007

Ubuntu: Bind vulnerability

A flaw was discovered in Bind's sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks.

LinuxSecurity.com Team
Jul 25, 2007

Ubuntu: Firefox vulnerabilities USN-490-1

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-3734,

LinuxSecurity.com Team
Jul 19, 2007

Ubuntu: redhat-cluster-suite vulnerability

USN-489-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding fixes for the redhat cluster suite kernel sources. A flaw was discovered in the cluster manager. A remote attacker could connect to the DLM port and block further DLM operations.

LinuxSecurity.com Team
Jul 19, 2007

Ubuntu: Linux kernel vulnerabilities USN-489-1

A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode.

LinuxSecurity.com Team
Jul 19, 2007

Ubuntu: mod_perl vulnerability

Alex Solovey discovered that mod_perl did not correctly validate certain regular expression matches. A remote attacker could send a specially crafted request to a web application using mod_perl, causing the web server to monopolize CPU resources. This could lead to a remote denial of service.

LinuxSecurity.com Team
Jul 18, 2007

Ubuntu Essential and Critical Security Patch Updates - Page 373

Ubuntu: vim vulnerability

Ubuntu: Emacs vulnerability USN-504-1

Ubuntu: tar vulnerability

Ubuntu: KDE vulnerabilities

Ubuntu: Thunderbird vulnerabilities USN-503-1

Ubuntu: jasper vulnerability

Ubuntu: rsync vulnerability USN-500-1

Ubuntu: Apache vulnerabilities USN-499-1

Ubuntu: libvorbis vulnerabilities USN-498-1

Ubuntu: xfce4-terminal vulnerability

Ubuntu: Qt vulnerability USN-579-1

Ubuntu: KOffice vulnerability USN-496-1

Ubuntu: Gimp vulnerability

Ubuntu: Firefox vulnerabilities USN-493-1

Ubuntu: tcpdump vulnerability

Ubuntu: Bind vulnerability

Ubuntu: Firefox vulnerabilities USN-490-1

Ubuntu: redhat-cluster-suite vulnerability

Ubuntu: Linux kernel vulnerabilities USN-489-1

Ubuntu: mod_perl vulnerability

LinuxSecurity Poll

Do you mostly use Linux for desktops or for servers?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By