10832 matches found
USN-1284-1: Update Manager vulnerabilities
David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. CVE-2011-3152 David Black...
USN-1283-1: APT vulnerability
It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. CVE-2011-3634...
USN-1282-1: Thunderbird vulnerabilities
Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this fl...
USN-1281-1: Linux (OMAP4) vulnerabilities
Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-2183 It was discovered that an mmap call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly...
USN-1280-1: Linux (OMAP4) vulnerabilities
It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. CVE-2011-1585 Robert Swiecki discovered that mapping extensions were incorrectly handled...
USN-1279-1: Linux (Natty backport) vulnerabilities
Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-2183 Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A...
USN-1278-1: Linux (Maverick backport) vulnerabilities
It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. CVE-2011-1585 Andrea Righi discovered a race condition in the KSM memory merging support...
USN-1277-2: Mozvoikko and ubufox update
USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Original advisory details: Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigg...
USN-1277-1: Firefox vulnerabilities
Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this fl...
USN-1276-1: KDE Utilities vulnerability
Tim Brown discovered that Ark did not properly perform input validation when previewing archive files. If a user were tricked into opening a crafted archive file, an attacker could remove files via directory traversal...
USN-1275-1: Linux kernel vulnerability
Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. CVE-2011-1162 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
USN-1274-1: Linux kernel (Marvell DOVE) vulnerabilities
Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. CVE-2011-2491 Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the...
USN-1273-1: Pidgin vulnerabilities
Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG messages in the Yahoo! protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. CVE-2011-1091...
USN-1272-1: Linux kernel vulnerabilities
It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. CVE-2011-1585 Andrea Righi discovered a race condition in the KSM memory merging support...
USN-1271-1: Linux kernel (FSL-IMX51) vulnerabilities
It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. CVE-2011-1585 It was discovered that the GRE protocol incorrectly handled netns...
USN-1270-1: Software Center vulnerability
David B. discovered that Software Center incorrectly validated server certificates when performing secure connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information or install altered packages and repositories...
USN-1269-1: Linux kernel (EC2) vulnerabilities
Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. CVE-2011-2491 Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the...
USN-1268-1: Linux kernel vulnerabilities
It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. CVE-2011-1585 It was discovered that the GRE protocol incorrectly handled netns...
USN-1267-1: FreeType vulnerabilities
It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. CVE-2011-3256 It was discovered...
USN-1266-1: OpenLDAP vulnerability
It was discovered that slapd contained an off-by-one error. An authenticated attacker could potentially exploit this by sending a crafted LDIF entry containing an empty postalAddress...
USN-1265-1: system-config-printer vulnerability
Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be...
USN-1264-1: Bind vulnerability
It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service...
USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. CVE-2011-3377 Juliano Rizzo and Thai Duong discovered that the block-wise AES...
USN-1262-1: Light Display Manager vulnerabilities
It was discovered that Light Display Manager incorrectly handled privileges when reading .dmrc files. A local attacker could exploit this issue to read arbitrary configuration files, bypassing intended permissions. CVE-2011-3153 It was discovered that Light Display Manager incorrectly handled lin...
USN-1260-1: Linux kernel (OMAP4) vulnerability
Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. CVE-2011-1162 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
USN-1261-1: Quagga vulnerabilities
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. CVE-2011-3323 Riku Hietamäki, Tuomo Untinen and Jukka...
USN-1259-1: Apache vulnerabilities
It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external...
USN-1251-1: Firefox and Xulrunner vulnerabilities
It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. CVE-2011-3647 Yosuke Hasegawa discovered that the Mozill...
USN-1258-1: ClamAV vulnerability
Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service...
USN-1257-1: radvd vulnerabilities
Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. A remote attacker could exploit this with a specially-crafted request and cause the radvd daemon to crash, or possibly execute arbitrary code. The default compiler options for affected releases should reduc...
USN-1256-1: Linux kernel (Natty backport) vulnerabilities
It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...
USN-1255-1: libmodplug vulnerabilities
Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the...
USN-1253-1: Linux kernel vulnerabilities
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
USN-1252-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. CVE-2011-1184 Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX...
USN-1250-1: Empathy vulnerabilities
It was discovered that a cross-site scripting (XSS) vulnerability in the Adium theme allows remote attackers to inject arbitrary JavaScript or HTML via a crafted nickname in XMPP group conversations...
USN-1249-1: BackupPC vulnerabilities
It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a...
USN-1248-1: KDE-Libs vulnerability
Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This...
USN-1238-2: Puppet regression
USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled the non-default...
USN-1247-1: Nova vulnerability
An information leak was discovered in Nova. An attacker with access to a valid EC2_ACCESS_KEY could obtain the corresponding EC2_SECRET_KEY for that user...
USN-1246-1: Linux kernel vulnerabilities
Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. CVE-2011-2213 Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP...
USN-1245-1: Linux kernel (Marvell DOVE) vulnerabilities
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
USN-1244-1: Linux kernel (OMAP4) vulnerabilities
Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. CVE-2010-3873 Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being...
USN-1243-1: Linux kernel vulnerabilities
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-1479 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
USN-1242-1: Linux kernel (Maverick backport) vulnerabilities
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-1479 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
USN-1241-1: Linux kernel (i.MX51) vulnerabilities
It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. CVE-2011-1573 Ryan Sweat discovered that the kernel...
USN-1240-1: Linux kernel (Marvell DOVE) vulnerabilities
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
USN-1239-1: Linux kernel (EC2) vulnerabilities
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
USN-1238-1: Puppet vulnerability
It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet primary server’s DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet...
USN-1237-1: PAM vulnerabilities
Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial o...
USN-1232-3: X.Org X server vulnerability
USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818. We apologize for the inconvenience...