
10832 matches found

Ubuntu • added 2011/10/20 8:39 p.m. • 110 views

USN-1236-1: Linux kernel vulnerabilities

It was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. (CVE-2009-4067) It was discovered that the Stream Control Transmission Protocol (SCTP)...

CVSS 9.1 • AI score 7 • EPSS 0.05689 • Exploits 4

Ubuntu • added 2011/10/20 8:31 p.m. • 68 views

USN-1235-1: Open-iSCSI vulnerability

Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to overwrite arbitrary files with root privileges...

CVSS 4.4 • AI score 5.3 • EPSS 0.00337 • Exploits 1

Ubuntu • added 2011/10/20 7:37 p.m. • 69 views

USN-1234-1: acpid vulnerability

Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service...

CVSS 2.1 • AI score 5.3 • EPSS 0.01095 • Exploits 1

Ubuntu • added 2011/10/19 9:5 p.m. • 66 views

USN-1192-3: Libvoikko regression

USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this caused a regression in libvoikko which caused Firefox to crash while spell checking words with hyphens. This update corrects the issue. We apologize for the inconvenience. Original advisory details: Aral Yaman discovered a...

AI score 9 • Exploits 0 • References 1

Ubuntu • added 2011/10/19 8:18 p.m. • 62 views

USN-1232-2: X.Org X server regression

USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support. This update temporarily disables the fix for CVE-2010-4818 that introduced the regression. We apologize for the inconvenience. Original advisory details: It was discovered...

AI score 5.8 • Exploits 0 • References 1

Ubuntu • added 2011/10/18 11:34 p.m. • 55 views

USN-1233-1: Kerberos Vulnerabilities

Nalin Dahyabhai, Andrej Ota and Kyle Moffett discovered a NULL pointer dereference in the KDC LDAP backend. An unauthenticated remote attacker could use this to cause a denial of service. This issue affected Ubuntu 11.10. (CVE-2011-1527) Mark Deneen discovered that an assert could be triggered in t...

CVSS 7.8 • AI score 6.9 • EPSS 0.04177 • Exploits 0

Ubuntu • added 2011/10/18 3:49 p.m. • 78 views

USN-1232-1: X.Org X server vulnerabilities

It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10...

CVSS 8.5 • AI score 5.8 • EPSS 0.05347 • Exploits 6

Ubuntu • added 2011/10/18 6:22 a.m. • 101 views

USN-1231-1: PHP Vulnerabilities

Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options...

CVSS 7.5 • AI score 8.6 • EPSS 0.22724 • Exploits 17

Ubuntu • added 2011/10/14 4:22 a.m. • 35 views

USN-1230-1: Quassel vulnerability

Felix Geyer discovered that the quassel-core post installation script created data and logging directories which were readable by all users. The post installation script also generated a certificate, in the data directory, which was readable by all users...

AI score 5.3 • Exploits 0 • References 1

Ubuntu • added 2011/10/13 12:31 p.m. • 94 views

USN-1229-1: PostgreSQL vulnerability

It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort...

CVSS 5 • AI score 7.3 • EPSS 0.04972 • Exploits 0

Ubuntu • added 2011/10/12 12:25 p.m. • 81 views

USN-1228-1: Linux kernel (OMAP4) vulnerabilities

Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Dan Rosenberg discovered that the IPv4 diagnostic routines did n...

CVSS 9.1 • AI score 7.9 • EPSS 0.05689 • Exploits 5

Ubuntu • added 2011/10/11 12:32 p.m. • 78 views

USN-1227-1: Linux kernel vulnerabilities

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the EFI GUID partition table was not correctly...

CVSS 8.8 • AI score 7.8 • EPSS 0.05573 • Exploits 8

Ubuntu • added 2011/10/05 8:15 p.m. • 49 views

USN-1223-2: Puppet regression

USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorized_keys files with Puppet. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Pupp...

AI score 5.7 • EPSS 0.00352 • Exploits 0 • References 1

Ubuntu • added 2011/10/04 10:51 p.m. • 89 views

USN-1222-2: Mozvoikko, ubufox, webfav update

USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Original advisory details: Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous...

AI score 8.7 • Exploits 0 • References 1

Ubuntu • added 2011/10/04 7:38 p.m. • 70 views

USN-1226-2: cifs-utils vulnerabilities

Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. (CVE-2011-1678) Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain strings being added ...

CVSS 3.3 • AI score 7.2 • EPSS 0.00531 • Exploits 2

Ubuntu • added 2011/10/04 7:37 p.m. • 57 views

USN-1226-1: Samba vulnerabilities

Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. (CVE-2011-1678) Jan Lieskovsky discovered that Samba incorrectly filtered certain strings being added to the mta...

CVSS 4.7 • AI score 6.2 • EPSS 0.00531 • Exploits 2

Ubuntu • added 2011/10/04 12:47 p.m. • 60 views

USN-1225-1: Linux kernel vulnerabilities

Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Dan Rosenberg discovered that the IPv4 diagnostic routines did n...

CVSS 8.8 • AI score 7.8 • EPSS 0.05573 • Exploits 3

Ubuntu • added 2011/10/03 8:29 p.m. • 48 views

USN-1224-1: rsyslog vulnerability

It was discovered that rsyslog had an off-by-two error when parsing legacy syslog messages. An attacker could potentially exploit this to cause a denial of service via application crash...

CVSS 5 • AI score 5.3 • EPSS 0.20759 • Exploits 2

Ubuntu • added 2011/09/30 10:37 p.m. • 54 views

USN-1223-1: Puppet vulnerabilities

It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. (CVE-2011-3869) Ricky Zhou discovered that Puppet did not drop privileges when creating SSH...

CVSS 6.3 • AI score 5.7 • EPSS 0.00352 • Exploits 0

Ubuntu • added 2011/09/29 11:6 p.m. • 52 views

USN-1221-1: Mutt vulnerability

It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a machine-in-the-middle attack...

CVSS 5.8 • AI score 5.4 • EPSS 0.01475 • Exploits 0

Ubuntu • added 2011/09/29 9:54 p.m. • 85 views

USN-1222-1: Firefox vulnerabilities

Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary...

CVSS 10 • AI score 8.6 • EPSS 0.05312 • Exploits 4

Ubuntu • added 2011/09/29 5:19 p.m. • 91 views

USN-1220-1: Linux kernel (OMAP4) vulnerabilities

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the EFI GUID partition table was not correctly...

CVSS 9.1 • AI score 7.8 • EPSS 0.05689 • Exploits 5

Ubuntu • added 2011/09/29 5:17 p.m. • 83 views

USN-1219-1: Linux kernel (Maverick backport) vulnerabilities

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the EFI GUID partition table was not correctly...

CVSS 8.8 • AI score 7.8 • EPSS 0.05573 • Exploits 8

Ubuntu • added 2011/09/29 5:12 p.m. • 66 views

USN-1218-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack...

CVSS 7.8 • AI score 6.8 • EPSS 0.08793 • Exploits 21

Ubuntu • added 2011/09/29 1:51 a.m. • 54 views

USN-1217-1: Puppet vulnerability

Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master...

CVSS 5 • AI score 5.3 • EPSS 0.01115 • Exploits 0

Ubuntu • added 2011/09/28 10:50 p.m. • 82 views

USN-1213-1: Thunderbird vulnerabilities

Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-2995, CVE-2011-2996) Boris Zbarsky...

CVSS 10 • AI score 8.9 • EPSS 0.04379 • Exploits 2

Ubuntu • added 2011/09/28 6:56 p.m. • 82 views

USN-1210-1: Firefox and Xulrunner vulnerabilities

Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-2995, CVE-2011-2996) Boris Zbarsky...

CVSS 10 • AI score 8.9 • EPSS 0.04379 • Exploits 2

Ubuntu • added 2011/09/26 10:25 p.m. • 99 views

USN-1216-1: Linux kernel (EC2) vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack...

CVSS 7.8 • AI score 6.8 • EPSS 0.08793 • Exploits 21

Ubuntu • added 2011/09/22 6:54 p.m. • 36 views

USN-1197-6: Qt vulnerability

USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides an update for Qt that revokes the known fraudulent certificates. Original advisory details: USN-1197-1 It was...

AI score 5.5 • Exploits 0 • References 2

Ubuntu • added 2011/09/22 5:36 p.m. • 37 views

USN-1215-1: APT vulnerabilities

It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disablin...

AI score 5.5 • Exploits 0 • References 1

Ubuntu • added 2011/09/22 2:14 p.m. • 54 views

USN-1214-1: GIMP vulnerability

Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges...

CVSS 5.1 • AI score 7.9 • EPSS 0.12709 • Exploits 0

Ubuntu • added 2011/09/21 12:31 p.m. • 73 views

USN-1212-1: Linux kernel (OMAP4) vulnerabilities

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Timo Warns discovered that the LDM disk partition handli...

CVSS 9.8 • AI score 7.2 • EPSS 0.08793 • Exploits 28

Ubuntu • added 2011/09/21 12:23 p.m. • 72 views

USN-1211-1: Linux kernel vulnerabilities

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...

CVSS 7.8 • AI score 7.7 • EPSS 0.08793 • Exploits 8

Ubuntu • added 2011/09/19 5:55 p.m. • 86 views

USN-1209-2: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...

CVSS 7.5 • AI score 8.8 • EPSS 0.03409 • Exploits 1

Ubuntu • added 2011/09/19 5:51 p.m. • 65 views

USN-1209-1: FFmpeg vulnerabilities

It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This...

CVSS 7.5 • AI score 8.8 • EPSS 0.03409 • Exploits 1

Ubuntu • added 2011/09/14 7:37 p.m. • 82 views

USN-1208-1: Linux kernel (Marvel DOVE) vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack...

CVSS 7.8 • AI score 6.8 • EPSS 0.08793 • Exploits 21

Ubuntu • added 2011/09/14 3:20 p.m. • 63 views

USN-1207-1: CUPS vulnerabilities

Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code...

CVSS 5.1 • AI score 7.7 • EPSS 0.12709 • Exploits 0

Ubuntu • added 2011/09/13 9:9 p.m. • 35 views

USN-1206-1: librsvg vulnerability

Sauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges...

CVSS 6.8 • AI score 8.3 • EPSS 0.04418 • Exploits 1

Ubuntu • added 2011/09/13 8:13 p.m. • 72 views

USN-1205-1: Linux kernel (Maverick backport) vulnerabilities

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...

CVSS 7.8 • AI score 7.2 • EPSS 0.08793 • Exploits 5

Ubuntu • added 2011/09/13 8:12 p.m. • 78 views

USN-1203-1: Linux kernel (Marvel DOVE) vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack...

CVSS 7.8 • AI score 6.8 • EPSS 0.08793 • Exploits 21

Ubuntu • added 2011/09/13 8:11 p.m. • 118 views

USN-1204-1: Linux kernel (i.MX51) vulnerabilities

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859) Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local...

CVSS 9.8 • AI score 6.9 • EPSS 0.08793 • Exploits 32

Ubuntu • added 2011/09/13 8:4 p.m. • 109 views

USN-1202-1: Linux kernel (OMAP4) vulnerabilities

Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297) Brad Spengler discovered that stack memory for a new process was not correctly...

CVSS 9.8 • AI score 7 • EPSS 0.08793 • Exploits 58

Ubuntu • added 2011/09/13 7:58 p.m. • 87 views

USN-1201-1: Linux kernel vulnerabilities

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...

CVSS 7.8 • AI score 7.2 • EPSS 0.08793 • Exploits 5

Ubuntu • added 2011/09/10 4:4 p.m. • 28 views

USN-1200-1: Quassel vulnerability

It was discovered that Quassel did not properly handle CTCP requests. A remote attacker could exploit this to cause a denial of service via application crash...

AI score 5.5 • Exploits 0 • References 1

Ubuntu • added 2011/09/09 6:8 a.m. • 38 views

USN-1197-5: CA Certificates vulnerability

USN-1197-1 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates. Original advisory details: It was discovered that Dutch Certificate Authority...

AI score 5.5 • Exploits 0 • References 1

Ubuntu • added 2011/09/08 8:2 p.m. • 48 views

USN-1197-4: NSS vulnerability

USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for the Network Security Service libraries (NSS). Original advisory details: USN-1197-1 It...

AI score 5.5 • Exploits 0 • References 2

Ubuntu • added 2011/09/07 1:19 a.m. • 46 views

USN-1197-3: Firefox and Xulrunner vulnerability

USN-1197-1 partially addressed an issue with Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update actively distrusts the DigiNotar root certificate as well as several intermediary certificates. Also included in this list of distrusted certificates are the...

AI score 5.5 • Exploits 0 • References 1

Ubuntu • added 2011/09/02 7:35 a.m. • 39 views

USN-1197-2: Thunderbird vulnerability

USN-1197-1 fixed a vulnerability in Firefox with regard to the DigiNotar certificate authority. This update provides the corresponding updates for Thunderbird. We are aware that the DigiNotar Root CA Certificate is still shown as trusted in the Thunderbird certificate manager. This is due to...

AI score 5.6 • Exploits 0 • References 1

Ubuntu • added 2011/09/01 8:43 p.m. • 121 views

USN-1199-1: Apache vulnerability

A flaw was discovered in the byterange filter in Apache. A remote attacker could exploit this to cause a denial of service via resource exhaustion...

CVSS 7.8 • AI score 7.5 • EPSS 0.98945 • Exploits 17

Ubuntu • added 2011/09/01 12:34 a.m. • 33 views

USN-1197-1: Firefox and Xulrunner vulnerability

It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "machine-in-the-middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored...

AI score 5.5 • Exploits 0 • References 2

Total number of security vulnerabilities: 10832