News

Thursday, October 20, 2011

ubuntu-security-announce Digest, Vol 85, Issue 10

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1232-2] X.Org X server regression (Marc Deslauriers)
2. [USN-1192-3] Libvoikko regression (Micah Gersten)


----------------------------------------------------------------------

Message: 1
Date: Wed, 19 Oct 2011 17:13:40 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1232-2] X.Org X server regression
Message-ID: <1319058820.12439.4.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1232-2
October 19, 2011

xorg-server regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

USN-1232-1 caused a regression with GLX support.

Software Description:
- xorg-server: X.Org X server

Details:

USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was
found on Ubuntu 10.04 LTS that affected GLX support.

This update temporarily disables the fix for CVE-2010-4818 that introduced
the regression.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial or service, or possibly execute arbitrary code
with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-4818)

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial or service, or possibly read arbitrary data from
the X server process. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-4819)

Vladz discovered that the X server incorrectly handled lock files. A local
attacker could use this flaw to determine if a file existed or not.
(CVE-2011-4028)

Vladz discovered that the X server incorrectly handled setting lock file
permissions. A local attacker could use this flaw to gain read permissions
on arbitrary files and view sensitive information. (CVE-2011-4029)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
xserver-xorg-core 2:1.7.6-2ubuntu7.9

After a standard system update you need to restart your session to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1232-2
http://www.ubuntu.com/usn/usn-1232-1
https://launchpad.net/bugs/877905

Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.9


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20111019/e44e6fac/attachment-0001.pgp>

------------------------------

Message: 2
Date: Wed, 19 Oct 2011 16:35:39 -0500
From: Micah Gersten <micah@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1192-3] Libvoikko regression
Message-ID: <4E9F42AB.9050806@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1192-3
October 19, 2011

libvoikko regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

A regression caused Firefox to crash while spell checking in Finnish.

Software Description:
- libvoikko: Library of Finnish language tools

Details:

USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this
caused a regression in libvoikko which caused Firefox to crash while spell
checking words with hyphens. This update corrects the issue. We apologize
for the inconvenience.

Original advisory details:

Aral Yaman discovered a vulnerability in the WebGL engine. An attacker
could potentially use this to crash Firefox or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2011-2989)

Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An
attacker could potentially use this to crash Firefox or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2011-2991)

Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg
reader. An attacker could potentially use this to crash Firefox or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2011-2991)

Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn
Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple
memory vulnerabilities in the browser rendering engine. An attacker could
use these to possibly execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2011-2985)

Rafael Gieschke discovered that unsigned JavaScript could call into a
script inside a signed JAR. This could allow an attacker to execute
arbitrary code with the identity and permissions of the signed JAR.
(CVE-2011-2993)

Michael Jordon discovered that an overly long shader program could cause a
buffer overrun. An attacker could potentially use this to crash Firefox or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2011-2988)

Michael Jordon discovered a heap overflow in the ANGLE library used in
Firefox's WebGL implementation. An attacker could potentially use this to
crash Firefox or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2011-2987)

It was discovered that an SVG text manipulation routine contained a
dangling pointer vulnerability. An attacker could potentially use this to
crash Firefox or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2011-0084)

Mike Cardwell discovered that Content Security Policy violation reports
failed to strip out proxy authorization credentials from the list of
request headers. This could allow a malicious website to capture proxy
authorization credentials. Daniel Veditz discovered that redirecting to a
website with Content Security Policy resulted in the incorrect resolution
of hosts in the constructed policy. This could allow a malicious website to
circumvent the Content Security Policy of another website. (CVE-2011-2990)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
libvoikko1 3.1-1ubuntu0.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1192-3
http://www.ubuntu.com/usn/usn-1192-1
https://launchpad.net/bugs/832582

Package Information:
https://launchpad.net/ubuntu/+source/libvoikko/3.1-1ubuntu0.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20111019/6d6a21be/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 85, Issue 10
********************************************************

No comments:

Blog Archive