USN-1065-1: shadow vulnerability
Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the...
USN-1062-1: Kerberos vulnerabilities
Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon kpropd is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input. This could only occur when kpropd is running in standalone mode; kpropd was not...
USN-1063-1: QEMU vulnerability
Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC...
USN-1061-1: iTALC vulnerability
Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the...
USN-1060-1: Exim vulnerabilities
It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. (CVE-2010-4345) It was discovered that Exim incorrectly...
USN-1059-1: Dovecot vulnerabilities
It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. (CVE-2010-3304) It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in...
USN-1058-1: PostgreSQL vulnerability
Geoff Keating reported that a buffer overflow exists in the intarray module's input function for the queryint type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user...
USN-1057-1: Linux kernel vulnerabilities
Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. (CVE-2010-2943) Dan Rosenberg discover...
USN-1056-1: OpenOffice.org vulnerabilities
Charlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936) Marc...
USN-1054-1: Linux kernel vulnerabilities
Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. (CVE-2010-0435) Dan Rosenberg discovered that the Linux kernel TIPC implementation...
USN-1055-1: OpenJDK vulnerabilities
It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. (CVE-2011-0025) USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu...
USN-1053-1: Subversion vulnerabilities
It was discovered that Subversion incorrectly handled certain 'partial access' privileges in rare scenarios. Remote authenticated users could use this flaw to obtain sensitive information (revision properties). This issue only applied to Ubuntu 6.06 LTS. (CVE-2007-2448) It was discovered that the...
USN-1052-1: OpenJDK vulnerability
It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented. (CVE-2010-4351)...
USN-1051-1: HPLIP vulnerability
Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code...
USN-1048-1: Tomcat vulnerability
It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server...
USN-1047-1: AWStats vulnerability
It was discovered that AWStats did not correctly filter the LoadPlugin configuration option. A local attacker on a shared system could use this to inject arbitrary code into AWStats...
USN-1046-1: Sudo vulnerability
Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the RunasSpec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group RunasSpec i...
USN-1045-2: util-linux update
USN-1045-1 fixed vulnerabilities in FUSE. This update to util-linux adds support for new options required by the FUSE update. Original advisory details: It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to...
USN-1045-1: FUSE vulnerability
It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service...
USN-1044-1: D-Bus vulnerability
Remi Denis-Courmont discovered that D-Bus did not properly validate the number of nested variants when validating D-Bus messages. A local attacker could exploit this to cause a denial of service...
USN-1042-2: PHP5 regression
USN-1042-1 fixed vulnerabilities in PHP5. The fix for CVE-2010-3436 introduced a regression in the open_basedir restriction handling code. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that attackers might be able to bypass...
USN-1009-2: GNU C Library vulnerability
USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the "man" program was installed setuid, a local attacker could exploit this ...
USN-1043-1: Little CMS vulnerability
It was discovered that a NULL pointer dereference in the code for handling transformations of monochrome profiles could allow an attacker to cause a denial of service through a specially crafted image. (CVE-2009-0793)...
USN-1042-1: PHP vulnerabilities
It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2009-5016) It was discovered that the XML UTF-8 decoding code did not...
USN-1041-1: Linux kernel vulnerabilities
Louis Rilling and Matthieu Fertré reported a use after free error in the Linux kernel's futex_wait function. A local user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges via a specially crafted application. (CVE-2014-0205) Ben Hawkes discovered that the...
USN-1040-1: Django vulnerabilities
Adam Baldwin discovered that Django did not properly validate query string lookups. This could be exploited to provide an information leak to an attacker with admin privileges. (CVE-2010-4534) Paul McMillan discovered that Django did not validate the length of the token used when generating a...
USN-1039-1: AppArmor update
It was discovered that if AppArmor was misconfigured, under certain circumstances the parser could generate policy using an unconfined fallback execute transition when one was not specified...
USN-1038-1: dpkg vulnerability
Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files...
USN-1037-1: ifupdown update
Under certain circumstances, the DHCP client could start before its AppArmor profile was loaded and therefore run unconfined. This update ensures the AppArmor profile is loaded before DHCP client starts...
USN-1036-1: CUPS update
Under certain circumstances, CUPS could start before its AppArmor profile was loaded and therefore run unconfined. This update ensures the AppArmor profile is loaded before CUPS starts...
USN-1035-1: Evince vulnerabilities
Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's...
USN-1033-1: Eucalyptus vulnerability
It was discovered that Eucalyptus did not verify password resets from the Admin UI correctly. An unauthenticated remote attacker could issue password reset requests to gain admin privileges in the Eucalyptus environment...
USN-1024-2: OpenJDK regression
USN-1024-1 fixed vulnerabilities in OpenJDK. Some of the additional backported improvements could interfere with the compilation of certain Java software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that certain system property...
USN-1032-1: Exim vulnerability
Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges...
USN-1031-1: ClamAV vulnerabilities
Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479) It was discovered that an off-by-one...
USN-1019-1: Firefox and Xulrunner vulnerabilities
Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778) It was...
USN-1020-1: Thunderbird vulnerabilities
Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778) Marc...
USN-1030-1: Kerberos vulnerabilities
It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. (CVE-2010-1323) It was discovered that Kerber...
USN-1029-1: OpenSSL vulnerabilities
It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. This could possibly allow an attacker to downgrade the ciphersuite to a weaker one on subsequent connections. (CVE-2010-4180) It was discovered that an old bug...
USN-1027-1: Quagga vulnerabilities
It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. A remote authenticated attacker could use this flaw to cause a denial of service or potentially execute arbitrary code. The default compiler options for Ubuntu 8.04 LTS and later should reduce the...
USN-1028-1: ImageMagick vulnerability
It was discovered that ImageMagick would search for configuration files in the current directory. If a user were tricked into opening or processing an image in an arbitrary directory, a local attacker could execute arbitrary code with the user's privileges...
USN-1026-1: Python Paste vulnerability
It was discovered that Python Paste did not properly sanitize certain strings, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this ...
USN-1025-1: Bind vulnerabilities
It was discovered that Bind would incorrectly allow a ncache entry and a rrsig for the same type. A remote attacker could exploit this to cause Bind to crash, resulting in a denial of service. (CVE-2010-3613) It was discovered that Bind would incorrectly mark zone data as insecure when the zone is...
USN-1024-1: OpenJDK vulnerability
It was discovered that certain system property information was being leaked, which could allow an attacker to obtain sensitive information...
USN-1023-1: Linux kernel vulnerabilities
Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces. CVE-2010-3848, CVE-2010-3849,...
USN-1022-1: APR-util vulnerability
It was discovered that APR-util did not properly handle memory when destroying APR buckets. An attacker could exploit this and cause a denial of service via memory exhaustion...
USN-1021-1: Apache vulnerabilities
It was discovered that Apache's mod_cache and mod_dav modules incorrectly handled requests that lacked a path. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452) It was discovere...
USN-1018-1: OpenSSL vulnerability
Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2010-3864)...
USN-1017-1: MySQL vulnerabilities
It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008) It was discovered that MySQL...
USN-1016-1: libxml2 vulnerability
Bui Quang Minh discovered that libxml2 did not properly process XPath namespaces and attributes. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program...