Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1429-1] Jetty vulnerability (Marc Deslauriers)
----------------------------------------------------------------------
Message: 1
Date: Thu, 26 Apr 2012 16:38:11 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1429-1] Jetty vulnerability
Message-ID: <1335472691.563.8.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1429-1
April 26, 2012
jetty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Jetty could be made to hang or crash if it received specially crafted
network traffic.
Software Description:
- jetty: Java servlet engine and webserver
Details:
It was discovered that Jetty computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
This could allow a remote attacker to cause a denial of service by
sending many crafted parameters.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
libjetty-java 6.1.24-6ubuntu0.11.04.1
Ubuntu 10.04 LTS:
libjetty-java 6.1.22-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1429-1
CVE-2011-4461
Package Information:
https://launchpad.net/ubuntu/+source/jetty/6.1.24-6ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/jetty/6.1.22-1ubuntu1.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120426/7126e87a/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 91, Issue 11
********************************************************
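The Details paragraph of USN-1429-1, seen from the defender's side, as an added example that is not part of the advisory or of Jetty's code: a pre-parse check that refuses a form body when too many parameter names share one hash value or when there are too many names overall. It assumes the names are hashed with Java's `String.hashCode()`; the function names, both thresholds and the sample bodies are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl

MAX_FORM_KEYS = 1000   # assumed cap on distinct parameter names per request
MAX_PER_BUCKET = 3     # assumed cap on names sharing one 32-bit hash value


def java_string_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + unit over UTF-16 units, signed 32-bit."""
    data = s.encode("utf-16-be", "surrogatepass")
    h = 0
    for i in range(0, len(data), 2):
        h = (31 * h + int.from_bytes(data[i:i + 2], "big")) & 0xFFFFFFFF
    return h - (1 << 32) if h >= (1 << 31) else h


def inspect_form_body(body, max_keys=MAX_FORM_KEYS, max_per_bucket=MAX_PER_BUCKET):
    """Decide whether a urlencoded form body should be refused before it is
    loaded into a hash map keyed by parameter name."""
    # parse_qsl returns a plain list of pairs, so this step builds no Java-style map.
    names = {name for name, _ in parse_qsl(body, keep_blank_values=True)}
    buckets = Counter(java_string_hash(n) for n in names)
    largest = max(buckets.values(), default=0)
    reasons = []
    if len(names) > max_keys:
        reasons.append("too many parameters")
    if largest > max_per_bucket:
        reasons.append("parameter names collide on one hash value")
    return {"keys": len(names), "largest_bucket": largest,
            "reject": bool(reasons), "reasons": reasons}


# Constructed sample bodies (not taken from the advisory).
BENIGN_BODY = "user=alice&lang=en&page=2"
# Four distinct names that all map to the same String.hashCode() value.
COLLIDING_BODY = "AaAa=1&AaBB=2&BBAa=3&BBBB=4"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("colliding", COLLIDING_BODY)):
        print(label, inspect_form_body(body))
```

A check like this belongs in a reverse proxy or request filter in front of hosts that cannot yet take the fixed `libjetty-java` packages listed above; the package update remains the actual correction.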