Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1601-1] Bind vulnerability (Marc Deslauriers)
2. [USN-1602-1] Ruby vulnerabilities (Tyler Hicks)
3. [USN-1603-1] Ruby vulnerabilities (Tyler Hicks)
----------------------------------------------------------------------
Message: 1
Date: Wed, 10 Oct 2012 08:59:49 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1601-1] Bind vulnerability
Message-ID: <50757145.1090002@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1601-1
October 10, 2012
bind9 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Software Description:
- bind9: Internet Domain Name Server
Details:
Jake Montgomery discovered that Bind incorrectly handled certain specific
combinations of RDATA. A remote attacker could use this flaw to cause Bind
to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.4
Ubuntu 11.10:
bind9 1:9.7.3.dfsg-1ubuntu4.5
Ubuntu 11.04:
bind9 1:9.7.3.dfsg-1ubuntu2.7
Ubuntu 10.04 LTS:
bind9 1:9.7.0.dfsg.P1-1ubuntu0.8
Ubuntu 8.04 LTS:
bind9 1:9.4.2.dfsg.P2-2ubuntu0.12
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1601-1
CVE-2012-5166
Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.4
https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu4.5
https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu2.7
https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.8
https://launchpad.net/ubuntu/+source/bind9/1:9.4.2.dfsg.P2-2ubuntu0.12
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121010/b90bc828/attachment-0001.pgp>
------------------------------
Message: 2
Date: Wed, 10 Oct 2012 14:51:07 -0700
From: Tyler Hicks <tyhicks@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1602-1] Ruby vulnerabilities
Message-ID: <20121010215106.GB26544@boyd>
Content-Type: text/plain; charset="us-ascii"
==========================================================================
Ubuntu Security Notice USN-1602-1
October 10, 2012
ruby1.9.1 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Ruby could allow excessive access in untrusted programs.
Software Description:
- ruby1.9.1: Interpreter of object-oriented scripting language Ruby
Details:
Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. (CVE-2012-4464, CVE-2012-4466)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libruby1.9.1 1.9.3.0-1ubuntu2.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1602-1
CVE-2012-4464, CVE-2012-4466
Package Information:
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121010/bcc2b538/attachment-0001.pgp>
------------------------------
Message: 3
Date: Wed, 10 Oct 2012 15:29:48 -0700
From: Tyler Hicks <tyhicks@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1603-1] Ruby vulnerabilities
Message-ID: <20121010222947.GC26544@boyd>
Content-Type: text/plain; charset="us-ascii"
==========================================================================
Ubuntu Security Notice USN-1603-1
October 10, 2012
ruby1.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Ruby could allow excessive access in untrusted programs.
Software Description:
- ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8
Details:
Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libruby1.8 1.8.7.352-2ubuntu1.1
Ubuntu 11.10:
libruby1.8 1.8.7.352-2ubuntu0.2
Ubuntu 11.04:
libruby1.8 1.8.7.302-2ubuntu0.2
Ubuntu 10.04 LTS:
libruby1.8 1.8.7.249-2ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1603-1
CVE-2012-4466, CVE-2012-4481
Package Information:
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.1
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu0.2
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.302-2ubuntu0.2
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121010/fc525f40/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 97, Issue 7
*******************************************************
News
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2012
(533)
-
▼
October
(19)
- ubuntu-security-announce Digest, Vol 97, Issue 19
- ubuntu-security-announce Digest, Vol 97, Issue 18
- ubuntu-security-announce Digest, Vol 97, Issue 17
- ubuntu-security-announce Digest, Vol 97, Issue 16
- ubuntu-security-announce Digest, Vol 97, Issue 15
- ubuntu-security-announce Digest, Vol 97, Issue 14
- ubuntu-security-announce Digest, Vol 97, Issue 13
- ubuntu-security-announce Digest, Vol 97, Issue 12
- ubuntu-security-announce Digest, Vol 97, Issue 11
- ubuntu-security-announce Digest, Vol 97, Issue 10
- ubuntu-security-announce Digest, Vol 97, Issue 9
- ubuntu-security-announce Digest, Vol 97, Issue 8
- ubuntu-security-announce Digest, Vol 97, Issue 7
- ubuntu-security-announce Digest, Vol 97, Issue 6
- ubuntu-security-announce Digest, Vol 97, Issue 5
- ubuntu-security-announce Digest, Vol 97, Issue 4
- ubuntu-security-announce Digest, Vol 97, Issue 3
- ubuntu-security-announce Digest, Vol 97, Issue 2
- ubuntu-security-announce Digest, Vol 97, Issue 1
-
▼
October
(19)
No comments:
Post a Comment