ubuntu-security-announce Digest, Vol 96, Issue 19

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1551-2] Thunderbird regressions (Micah Gersten)


----------------------------------------------------------------------

Message: 1
Date: Fri, 28 Sep 2012 08:03:05 -0500
From: Micah Gersten <micah@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1551-2] Thunderbird regressions
Message-ID: <5065A009.1060907@canonical.com>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1551-2
September 28, 2012

thunderbird regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

USN-1551-1 introduced regressions in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a
regression in the message editor and certain performance regressions as
well. This update fixes the problems.

Original advisory details:

Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew
Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel
Holbert discovered memory safety issues affecting Thunderbird. If the user
were tricked into opening a specially crafted E-Mail, an attacker could
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-1970, CVE-2012-1971)

Abhishek Arya discovered multiple use-after-free vulnerabilities. If the
user were tricked into opening a specially crafted E-Mail, an attacker
could exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,
CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959,
CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

Mariusz Mlynsk discovered that it is possible to shadow the location object
using Object.defineProperty. This could potentially result in a cross-site
scripting (XSS) attack against plugins. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
E-Mail, a remote attacker could exploit this to modify the contents or
steal confidential data within the same domain. (CVE-2012-1956)

Fr?d?ric Hoguin discovered that bitmap format images with a negative height
could potentially result in memory corruption. If the user were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Thunderbird. (CVE-2012-3966)

It was discovered that Thunderbird's WebGL implementation was vulnerable to
multiple memory safety issues. If the user were tricked into opening a
specially crafted E-Mail, an attacker could exploit these to cause a denial
of service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-3967, CVE-2012-3968)

Arthur Gerkis discovered multiple memory safety issues in Thunderbird's
Scalable Vector Graphics (SVG) implementation. If the user were tricked
into opening a specially crafted image, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Thunderbird. (CVE-2012-3969,
CVE-2012-3970)

Christoph Diehl discovered multiple memory safety issues in the bundled
Graphite 2 library. If the user were tricked into opening a specially
crafted E-Mail, an attacker could exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2012-3971)

Nicolas Gr?goire discovered an out-of-bounds read in the format-number
feature of XSLT. This could potentially cause inaccurate formatting of
numbers and information leakage. (CVE-2012-3972)

It was discovered that when the DOMParser is used to parse text/html data
in a Thunderbird extension, linked resources within this HTML data will be
loaded. If the data being parsed in the extension is untrusted, it could
lead to information leakage and potentially be combined with other attacks
to become exploitable. (CVE-2012-3975)

It was discovered that, in some instances, certain security checks in the
location object could be bypassed. This could allow for the loading of
restricted content and can potentially be combined with other issues to
become exploitable. (CVE-2012-3978)

Colby Russell discovered that eval in the web console can execute injected
code with chrome privileges, leading to the running of malicious code in a
privileged context. If the user were tricked into opening a specially
crafted E-Mail, an attacker could exploit this to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Thunderbird. (CVE-2012-3980)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
thunderbird 15.0.1+build1-0ubuntu0.12.04.1
thunderbird-globalmenu 15.0.1+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
thunderbird 15.0.1+build1-0ubuntu0.11.10.1
thunderbird-globalmenu 15.0.1+build1-0ubuntu0.11.10.1

Ubuntu 11.04:
thunderbird 15.0.1+build1-0ubuntu0.11.04.1
thunderbird-globalmenu 15.0.1+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:
thunderbird 15.0.1+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1551-2
http://www.ubuntu.com/usn/usn-1551-1
https://launchpad.net/bugs/1049428

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/15.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/thunderbird/15.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/thunderbird/15.0.1+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/thunderbird/15.0.1+build1-0ubuntu0.10.04.1





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120928/ccecd66e/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 19
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 18

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1587-1] libxml2 vulnerability (Marc Deslauriers)
2. [USN-1586-1] Emacs vulnerabilities (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Thu, 27 Sep 2012 13:56:41 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1587-1] libxml2 vulnerability
Message-ID: <50649359.2080006@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1587-1
September 27, 2012

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Applications using libxml2 could be made to crash or run programs as your
login if they opened a specially crafted file.

Software Description:
- libxml2: GNOME XML library

Details:

Juri Aedla discovered that libxml2 incorrectly handled certain memory
operations. If a user or application linked against libxml2 were tricked
into opening a specially crafted XML file, an attacker could cause the
application to crash or possibly execute arbitrary code with the privileges
of the user invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.2

Ubuntu 11.10:
libxml2 2.7.8.dfsg-4ubuntu0.4

Ubuntu 11.04:
libxml2 2.7.8.dfsg-2ubuntu0.5

Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.6

Ubuntu 8.04 LTS:
libxml2 2.6.31.dfsg-2ubuntu1.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1587-1
CVE-2012-2807

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.2
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.4
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-2ubuntu0.5
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.6
https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.10


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120927/a4eefa64/attachment-0001.pgp>

------------------------------

Message: 2
Date: Thu, 27 Sep 2012 13:55:25 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1586-1] Emacs vulnerabilities
Message-ID: <5064930D.3010400@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1586-1
September 27, 2012

emacs23 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

Emacs could be made to run programs as your login if it opened a specially
crafted file.

Software Description:
- emacs23: The GNU Emacs editor (with GTK+ user interface)

Details:

Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a
user were tricked into opening a file with Emacs, a local attacker could
execute arbitrary Lisp code with the privileges of the user invoking the
program. (CVE-2012-0035)

Paul Ling discovered that Emacs incorrectly handled certain eval forms in
local-variable sections. If a user were tricked into opening a specially
crafted file with Emacs, a remote attacker could execute arbitrary Lisp
code with the privileges of the user invoking the program. (CVE-2012-3479)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
emacs23 23.3+1-1ubuntu9.1
emacs23-common 23.3+1-1ubuntu9.1

Ubuntu 11.10:
emacs23 23.3+1-1ubuntu4.1
emacs23-common 23.3+1-1ubuntu4.1

After a standard system update you need to restart Emacs to make all the
necessary changes.

References:
http://www.ubuntu.com/usn/usn-1586-1
CVE-2012-0035, CVE-2012-3479

Package Information:
https://launchpad.net/ubuntu/+source/emacs23/23.3+1-1ubuntu9.1
https://launchpad.net/ubuntu/+source/emacs23/23.3+1-1ubuntu4.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120927/22631ed5/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 18
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 17

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1584-1] Transmission vulnerability (Marc Deslauriers)
2. [USN-1585-1] FreeRADIUS vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Wed, 26 Sep 2012 10:44:23 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1584-1] Transmission vulnerability
Message-ID: <506314C7.3080809@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1584-1
September 26, 2012

transmission vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Transmission could be made to expose sensitive information over the
network.

Software Description:
- transmission: lightweight BitTorrent client

Details:

Justin C. Klein Keane discovered that the Transmission web client
incorrectly escaped certain strings. If a user were tricked into opening a
specially crafted torrent file, an attacker could possibly exploit this to
conduct cross-site scripting (XSS) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
transmission-common 2.51-0ubuntu1.1

After a standard system update you need to restart Transmission to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1584-1
CVE-2012-4037

Package Information:
https://launchpad.net/ubuntu/+source/transmission/2.51-0ubuntu1.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120926/1ff1a914/attachment-0001.pgp>

------------------------------

Message: 2
Date: Wed, 26 Sep 2012 10:44:51 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1585-1] FreeRADIUS vulnerability
Message-ID: <506314E3.3060601@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1585-1
September 26, 2012

freeradius vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04

Summary:

FreeRADIUS could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- freeradius: a high-performance and highly configurable RADIUS server

Details:

Timo Warns discovered that FreeRADIUS incorrectly handled certain long
timestamps in client certificates. A remote attacker could exploit this
flaw and cause the FreeRADIUS server to crash, resulting in a denial of
service, or possibly execute arbitrary code.

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
freeradius 2.1.10+dfsg-3ubuntu0.12.04.1

Ubuntu 11.10:
freeradius 2.1.10+dfsg-3ubuntu0.11.10.1

Ubuntu 11.04:
freeradius 2.1.10+dfsg-2ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1585-1
CVE-2012-3547

Package Information:

https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-3ubuntu0.12.04.1

https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-3ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-2ubuntu2.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120926/94f3cd42/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 17
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 16

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1582-1] RubyGems vulnerabilities (Tyler Hicks)
2. [USN-1583-1] Ruby vulnerabilities (Tyler Hicks)


----------------------------------------------------------------------

Message: 1
Date: Tue, 25 Sep 2012 19:23:13 -0700
From: Tyler Hicks <tyhicks@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1582-1] RubyGems vulnerabilities
Message-ID: <20120926022312.GC4742@boyd>
Content-Type: text/plain; charset="us-ascii"

==========================================================================
Ubuntu Security Notice USN-1582-1
September 26, 2012

rubygems vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

RubyGems could be made to download and install malicious gem files.

Software Description:
- rubygems: package management framework for Ruby libraries/applications

Details:

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly
verify SSL certificates. A remote attacker could exploit this to perform a man
in the middle attack to alter gem files being downloaded for installation.
(CVE-2012-2126)

John Firebaugh discovered that the RubyGems remote gem fetcher allowed
redirection from HTTPS to HTTP. A remote attacker could exploit this to perform
a man in the middle attack to alter gem files being downloaded for
installation. (CVE-2012-2125)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
rubygems 1.8.15-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1582-1
CVE-2012-2125, CVE-2012-2126

Package Information:
https://launchpad.net/ubuntu/+source/rubygems/1.8.15-1ubuntu0.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120925/b88f21bc/attachment-0001.pgp>

------------------------------

Message: 2
Date: Tue, 25 Sep 2012 19:33:16 -0700
From: Tyler Hicks <tyhicks@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1583-1] Ruby vulnerabilities
Message-ID: <20120926023316.GD4742@boyd>
Content-Type: text/plain; charset="us-ascii"

==========================================================================
Ubuntu Security Notice USN-1583-1
September 26, 2012

ruby1.9.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in ruby1.9.1

Software Description:
- ruby1.9.1: Interpreter of object-oriented scripting language Ruby

Details:

It was discovered that Ruby incorrectly allowed untainted strings to be
modified in protective safe levels. An attacker could use this flaw to bypass
intended access restrictions. (CVE-2011-1005)

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly
verify SSL certificates. A remote attacker could exploit this to perform a man
in the middle attack to alter gem files being downloaded for installation.
(CVE-2012-2126)

John Firebaugh discovered that the RubyGems remote gem fetcher allowed
redirection from HTTPS to HTTP. A remote attacker could exploit this to perform
a man in the middle attack to alter gem files being downloaded for
installation. (CVE-2012-2125)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libruby1.9.1 1.9.3.0-1ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1583-1
CVE-2011-1005, CVE-2012-2125, CVE-2012-2126

Package Information:
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120925/cc225c92/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 16
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 15

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1581-1] Ghostscript vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Mon, 24 Sep 2012 10:40:25 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1581-1] Ghostscript vulnerability
Message-ID: <506070D9.7000405@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1581-1
September 24, 2012

ghostscript vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Ghostscript could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- ghostscript: The GPL Ghostscript PostScript/PDF interpreter

Details:

Marc Sch??nefeld discovered that Ghostscript did not correctly handle
certain image files. If a user or automated system were tricked into
opening a specially crafted file, an attacker could cause a denial of
service and possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
libgs8 8.71.dfsg.1-0ubuntu5.5

Ubuntu 8.04 LTS:
libgs8 8.61.dfsg.1-1ubuntu3.5

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1581-1
CVE-2012-4405

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/8.71.dfsg.1-0ubuntu5.5
https://launchpad.net/ubuntu/+source/ghostscript/8.61.dfsg.1-1ubuntu3.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120924/2166be99/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 15
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 14

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1577-1] Linux kernel (OMAP4) vulnerabilities (John Johansen)
2. [USN-1578-1] Linux kernel (OMAP4) vulnerabilities (John Johansen)
3. [USN-1579-1] Linux kernel vulnerabilities (John Johansen)
4. [USN-1580-1] Linux kernel (OMAP4) vulnerabilities (John Johansen)


----------------------------------------------------------------------

Message: 1
Date: Fri, 21 Sep 2012 13:33:07 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1577-1] Linux kernel (OMAP4) vulnerabilities
Message-ID: <505CCF03.1050706@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1577-1
September 21, 2012

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

A flaw was discovered in the Linux kernel's KVM (kernel virtual machine).
An administrative user in the guest OS could leverage this flaw to cause a
denial of service in the host OS. (CVE-2012-2121)

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local use could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
linux-image-2.6.38-1209-omap4 2.6.38-1209.26

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1577-1
CVE-2012-2121, CVE-2012-3412, CVE-2012-3430, CVE-2012-3511

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.26

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120921/c789c0e6/attachment-0001.pgp>

------------------------------

Message: 2
Date: Fri, 21 Sep 2012 14:33:43 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1578-1] Linux kernel (OMAP4) vulnerabilities
Message-ID: <505CDD37.30800@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1578-1
September 21, 2012

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
linux-image-3.0.0-1216-omap4 3.0.0-1216.28

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1578-1
CVE-2012-3412, CVE-2012-3430

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.0.0-1216.28

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120921/78bfa9e9/attachment-0001.pgp>

------------------------------

Message: 3
Date: Fri, 21 Sep 2012 14:54:23 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1579-1] Linux kernel vulnerabilities
Message-ID: <505CE20F.6070008@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1579-1
September 21, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-31-generic 3.2.0-31.50
linux-image-3.2.0-31-generic-pae 3.2.0-31.50
linux-image-3.2.0-31-highbank 3.2.0-31.50
linux-image-3.2.0-31-omap 3.2.0-31.50
linux-image-3.2.0-31-powerpc-smp 3.2.0-31.50
linux-image-3.2.0-31-powerpc64-smp 3.2.0-31.50
linux-image-3.2.0-31-virtual 3.2.0-31.50

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1579-1
CVE-2012-3412, CVE-2012-3430

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-31.50

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120921/86fed638/attachment-0001.pgp>

------------------------------

Message: 4
Date: Fri, 21 Sep 2012 15:03:23 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1580-1] Linux kernel (OMAP4) vulnerabilities
Message-ID: <505CE42B.7010008@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1580-1
September 21, 2012

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-1419-omap4 3.2.0-1419.26

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1580-1
CVE-2012-3412, CVE-2012-3430

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1419.26

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120921/7813ea33/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 14
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 13

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1576-1] DBus vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Thu, 20 Sep 2012 12:55:05 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1576-1] DBus vulnerability
Message-ID: <1348160105.3307.179.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1576-1
September 20, 2012

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

DBus could be made to run programs as an administrator.

Software Description:
- dbus: simple interprocess messaging system

Details:

Sebastian Krahmer discovered that DBus incorrectly handled environment
variables when running with elevated privileges. A local attacker could
possibly exploit this flaw with a setuid binary and gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
dbus 1.4.18-1ubuntu1.1
libdbus-1-3 1.4.18-1ubuntu1.1

Ubuntu 11.10:
dbus 1.4.14-1ubuntu1.1
libdbus-1-3 1.4.14-1ubuntu1.1

Ubuntu 11.04:
dbus 1.4.6-1ubuntu6.2
libdbus-1-3 1.4.6-1ubuntu6.2

Ubuntu 10.04 LTS:
dbus 1.2.16-2ubuntu4.5
libdbus-1-3 1.2.16-2ubuntu4.5

Ubuntu 8.04 LTS:
dbus 1.1.20-1ubuntu3.7
libdbus-1-3 1.1.20-1ubuntu3.7

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1576-1
CVE-2012-3524

Package Information:
https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.4.14-1ubuntu1.1
https://launchpad.net/ubuntu/+source/dbus/1.4.6-1ubuntu6.2
https://launchpad.net/ubuntu/+source/dbus/1.2.16-2ubuntu4.5
https://launchpad.net/ubuntu/+source/dbus/1.1.20-1ubuntu3.7


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120920/e5545add/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 13
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 12

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1574-1] Linux kernel (Natty backport) vulnerabilities
(John Johansen)
2. [USN-1575-1] Linux kernel (Oneiric backport) vulnerabilities
(John Johansen)


----------------------------------------------------------------------

Message: 1
Date: Wed, 19 Sep 2012 14:13:30 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1574-1] Linux kernel (Natty backport) vulnerabilities
Message-ID: <505A357A.5060306@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1574-1
September 19, 2012

linux-lts-backport-natty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-backport-natty: Linux kernel backport from Natty

Details:

A flaw was found in how the Linux kernel passed the replacement session
keyring to a child process. An unprivileged local user could exploit this
flaw to cause a denial of service (panic). (CVE-2012-2745)

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local use could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.38-16-generic 2.6.38-16.67~lucid1
linux-image-2.6.38-16-generic-pae 2.6.38-16.67~lucid1
linux-image-2.6.38-16-server 2.6.38-16.67~lucid1
linux-image-2.6.38-16-virtual 2.6.38-16.67~lucid1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1574-1
CVE-2012-2745, CVE-2012-3412, CVE-2012-3430, CVE-2012-3511

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-16.67~lucid1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120919/c58b25f3/attachment-0001.pgp>

------------------------------

Message: 2
Date: Wed, 19 Sep 2012 14:49:03 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1575-1] Linux kernel (Oneiric backport) vulnerabilities
Message-ID: <505A3DCF.1030104@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1575-1
September 19, 2012

linux-lts-backport-oneiric vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-3.0.0-26-generic 3.0.0-26.42~lucid1
linux-image-3.0.0-26-generic-pae 3.0.0-26.42~lucid1
linux-image-3.0.0-26-server 3.0.0-26.42~lucid1
linux-image-3.0.0-26-virtual 3.0.0-26.42~lucid1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1575-1
CVE-2012-3412, CVE-2012-3430

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-backport-oneiric/3.0.0-26.42~lucid1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120919/27b48343/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 12
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 11

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1571-1] DHCP vulnerability (Marc Deslauriers)
2. [USN-1572-1] Linux kernel vulnerabilities (John Johansen)
3. [USN-1573-1] Linux kernel (EC2) vulnerabilities (John Johansen)


----------------------------------------------------------------------

Message: 1
Date: Tue, 18 Sep 2012 08:21:23 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1571-1] DHCP vulnerability
Message-ID: <1347970883.3307.37.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1571-1
September 18, 2012

dhcp3, isc-dhcp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

DHCP could be made to crash if it received specially crafted network
traffic.

Software Description:
- isc-dhcp: DHCP server and client
- dhcp3: DHCP server and client

Details:

Glen Eustace discovered that the DHCP server incorrectly handled IPv6
expiration times. A remote attacker could use this issue to cause DHCP to
crash, resulting in a denial of service. This issue only affected Ubuntu
11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3955)

Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped by
using environment variables. This update mitigates the issue by sanitizing
certain variables in the DHCP shell scripts.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
isc-dhcp-client 4.1.ESV-R4-0ubuntu5.5
isc-dhcp-server 4.1.ESV-R4-0ubuntu5.5

Ubuntu 11.10:
isc-dhcp-client 4.1.1-P1-17ubuntu10.5
isc-dhcp-server 4.1.1-P1-17ubuntu10.5

Ubuntu 11.04:
isc-dhcp-client 4.1.1-P1-15ubuntu9.6
isc-dhcp-server 4.1.1-P1-15ubuntu9.6

Ubuntu 10.04 LTS:
dhcp3-client 3.1.3-2ubuntu3.4
dhcp3-server 3.1.3-2ubuntu3.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1571-1
CVE-2012-3955, https://launchpad.net/bugs/1016643

Package Information:
https://launchpad.net/ubuntu/+source/isc-dhcp/4.1.ESV-R4-0ubuntu5.5
https://launchpad.net/ubuntu/+source/isc-dhcp/4.1.1-P1-17ubuntu10.5
https://launchpad.net/ubuntu/+source/isc-dhcp/4.1.1-P1-15ubuntu9.6
https://launchpad.net/ubuntu/+source/dhcp3/3.1.3-2ubuntu3.4


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120918/c1954498/attachment-0001.pgp>

------------------------------

Message: 2
Date: Tue, 18 Sep 2012 18:14:46 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1572-1] Linux kernel vulnerabilities
Message-ID: <50591C86.7090907@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1572-1
September 19, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local use could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-43-386 2.6.32-43.97
linux-image-2.6.32-43-generic 2.6.32-43.97
linux-image-2.6.32-43-generic-pae 2.6.32-43.97
linux-image-2.6.32-43-ia64 2.6.32-43.97
linux-image-2.6.32-43-lpia 2.6.32-43.97
linux-image-2.6.32-43-powerpc 2.6.32-43.97
linux-image-2.6.32-43-powerpc-smp 2.6.32-43.97
linux-image-2.6.32-43-powerpc64-smp 2.6.32-43.97
linux-image-2.6.32-43-preempt 2.6.32-43.97
linux-image-2.6.32-43-server 2.6.32-43.97
linux-image-2.6.32-43-sparc64 2.6.32-43.97
linux-image-2.6.32-43-sparc64-smp 2.6.32-43.97
linux-image-2.6.32-43-versatile 2.6.32-43.97
linux-image-2.6.32-43-virtual 2.6.32-43.97

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1572-1
CVE-2012-3412, CVE-2012-3430, CVE-2012-3511

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-43.97

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120918/50c53a04/attachment-0001.pgp>

------------------------------

Message: 3
Date: Tue, 18 Sep 2012 18:21:34 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1573-1] Linux kernel (EC2) vulnerabilities
Message-ID: <50591E1E.3030205@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1573-1
September 19, 2012

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local use could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-348-ec2 2.6.32-348.54

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1573-1
CVE-2012-3412, CVE-2012-3430, CVE-2012-3511

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-348.54

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120918/75b03f51/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 11
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 10

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1569-1] PHP vulnerabilities (Marc Deslauriers)
2. [USN-1570-1] GnuPG vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Mon, 17 Sep 2012 08:52:53 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1569-1] PHP vulnerabilities
Message-ID: <1347886373.3321.5.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1569-1
September 17, 2012

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain character sequences
when applying HTTP response-splitting protection. A remote attacker could
create a specially-crafted URL and inject arbitrary headers.
(CVE-2011-1398, CVE-2012-4388)

It was discovered that PHP incorrectly handled directories with a large
number of files. This could allow a remote attacker to execute arbitrary
code with the privileges of the web server, or to perform a denial of
service. (CVE-2012-2688)

It was discovered that PHP incorrectly parsed certain PDO prepared
statements. A remote attacker could use this flaw to cause PHP to crash,
leading to a denial of service. (CVE-2012-3450)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
php5 5.3.10-1ubuntu3.4

Ubuntu 11.10:
php5 5.3.6-13ubuntu3.9

Ubuntu 11.04:
php5 5.3.5-1ubuntu7.11

Ubuntu 10.04 LTS:
php5 5.3.2-1ubuntu4.18

Ubuntu 8.04 LTS:
php5 5.2.4-2ubuntu5.26

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1569-1
CVE-2011-1398, CVE-2012-2688, CVE-2012-3450, CVE-2012-4388

Package Information:
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.4
https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.9
https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.11
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.18
https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.26


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120917/d66dd39a/attachment-0001.pgp>

------------------------------

Message: 2
Date: Mon, 17 Sep 2012 10:22:26 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1570-1] GnuPG vulnerability
Message-ID: <1347891746.3321.17.camel@mdlinux>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1570-1
September 17, 2012

gnupg, gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

GnuPG could be tricked into downloading a different key when downloading
from a key server.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

It was discovered that GnuPG used a short ID when downloading keys from a
keyserver, even if a long ID was requested. An attacker could possibly use
this to return a different key with a duplicate short key id.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.1
gnupg2 2.0.17-2ubuntu2.12.04.1

Ubuntu 11.10:
gnupg 1.4.11-3ubuntu1.11.10.1
gnupg2 2.0.17-2ubuntu2.11.10.1

Ubuntu 11.04:
gnupg 1.4.11-3ubuntu1.11.04.1
gnupg2 2.0.14-2ubuntu1.2

Ubuntu 10.04 LTS:
gnupg 1.4.10-2ubuntu1.1
gnupg2 2.0.14-1ubuntu1.4

Ubuntu 8.04 LTS:
gnupg 1.4.6-2ubuntu5.1
gnupg2 2.0.7-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1570-1
https://launchpad.net/bugs/1016643

Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu1.11.10.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.11.10.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu1.11.04.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-2ubuntu1.2
https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.4
https://launchpad.net/ubuntu/+source/gnupg/1.4.6-2ubuntu5.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.7-1ubuntu0.2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120917/8c056266/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 10
********************************************************

ubuntu-security-announce Digest, Vol 96, Issue 9

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. Ubuntu 11.04 (Natty Narwhal) reaches end-of-life on October
28, 2012 (Kate Stewart)


----------------------------------------------------------------------

Message: 1
Date: Sun, 16 Sep 2012 20:12:59 -0500
From: Kate Stewart <kate.stewart@ubuntu.com>
To: ubuntu-announce@lists.ubuntu.com,
ubuntu-security-announce@lists.ubuntu.com
Cc: ubuntu-release@lists.ubuntu.com
Subject: Ubuntu 11.04 (Natty Narwhal) reaches end-of-life on October
28, 2012
Message-ID: <1347844379.2683.8.camel@veni>
Content-Type: text/plain; charset="UTF-8"

Ubuntu announced its 11.04 (Natty Narwhal) release almost 18 months
ago, on April 28, 2011. As with the earlier releases,
Ubuntu committed to ongoing security and critical fixes for a period
of 18 months. The support period is now nearing its end and Ubuntu 11.04
will reach end of life on Sunday, October 28. At that time, Ubuntu
Security Notices will no longer include information or updated packages
for Ubuntu 11.04.

The supported upgrade path from Ubuntu 11.04 is via Ubuntu 11.10.
Instructions and caveats for the upgrade may be found at
https://help.ubuntu.com/community/OneiricUpgrades. Ubuntu 11.10
continues to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

Kate Stewart
Ubuntu Release Manager





------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 9
*******************************************************

ubuntu-security-announce Digest, Vol 96, Issue 8

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1567-1] Linux kernel vulnerabilities (John Johansen)
2. [USN-1568-1] Linux kernel vulnerabilities (John Johansen)


----------------------------------------------------------------------

Message: 1
Date: Fri, 14 Sep 2012 10:44:03 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1567-1] Linux kernel vulnerabilities
Message-ID: <50536CE3.8080004@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1567-1
September 14, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

A flaw was found in how the Linux kernel passed the replacement session
keyring to a child process. An unprivileged local user could exploit this
flaw to cause a denial of service (panic). (CVE-2012-2745)

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local use could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
linux-image-2.6.38-16-generic 2.6.38-16.67
linux-image-2.6.38-16-generic-pae 2.6.38-16.67
linux-image-2.6.38-16-omap 2.6.38-16.67
linux-image-2.6.38-16-powerpc 2.6.38-16.67
linux-image-2.6.38-16-powerpc-smp 2.6.38-16.67
linux-image-2.6.38-16-powerpc64-smp 2.6.38-16.67
linux-image-2.6.38-16-server 2.6.38-16.67
linux-image-2.6.38-16-versatile 2.6.38-16.67
linux-image-2.6.38-16-virtual 2.6.38-16.67

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1567-1
CVE-2012-2745, CVE-2012-3412, CVE-2012-3430, CVE-2012-3511

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.38-16.67

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120914/532007e7/attachment-0001.pgp>

------------------------------

Message: 2
Date: Fri, 14 Sep 2012 13:25:49 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1568-1] Linux kernel vulnerabilities
Message-ID: <505392CD.3020106@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1568-1
September 14, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to to cause a denial of service. (CVE-2012-3412)

Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
linux-image-3.0.0-26-generic 3.0.0-26.42
linux-image-3.0.0-26-generic-pae 3.0.0-26.42
linux-image-3.0.0-26-omap 3.0.0-26.42
linux-image-3.0.0-26-powerpc 3.0.0-26.42
linux-image-3.0.0-26-powerpc-smp 3.0.0-26.42
linux-image-3.0.0-26-powerpc64-smp 3.0.0-26.42
linux-image-3.0.0-26-server 3.0.0-26.42
linux-image-3.0.0-26-virtual 3.0.0-26.42

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1568-1
CVE-2012-3412, CVE-2012-3430

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.0.0-26.42

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120914/5a362410/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 96, Issue 8
*******************************************************