ubuntu-security-announce Digest, Vol 97, Issue 2

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1590-1] QEMU vulnerability (Marc Deslauriers)
2. [USN-1591-1] xdiagnose update (Jamie Strandboge)
3. [USN-1592-1] Python 2.7 vulnerabilities (Jamie Strandboge)
4. [USN-1593-1] devscripts vulnerabilities (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Tue, 02 Oct 2012 10:15:20 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1590-1] QEMU vulnerability
Message-ID: <506AF6F8.8060903@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1590-1
October 02, 2012

qemu-kvm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

QEMU could be made to crash or run programs.

Software Description:
- qemu-kvm: Machine emulator and virtualizer

Details:

It was discovered that QEMU incorrectly handled certain VT100 escape
sequences. A guest user with access to an emulated character device could
use this flaw to cause QEMU to crash, or possibly execute arbitrary code on
the host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.2

Ubuntu 11.10:
qemu-kvm 0.14.1+noroms-0ubuntu6.5

Ubuntu 11.04:
qemu-kvm 0.14.0+noroms-0ubuntu4.7

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.20

After a standard system update you need to restart your virtual machines to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1590-1
CVE-2012-3515

Package Information:
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.2
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.5
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.7
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.20


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121002/fd00e87b/attachment-0001.pgp>

------------------------------

Message: 2
Date: Tue, 02 Oct 2012 14:57:06 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1591-1] xdiagnose update
Message-ID: <506B4712.9020107@canonical.com>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


==========================================================================
Ubuntu Security Notice USN-1591-1
October 02, 2012

xdiagnose update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- - Ubuntu 12.04 LTS

Summary:

3rd party applications using xdiagnose could potentially be made to
overwrite files.

Software Description:
- - xdiagnose: X.org diagnosis tool

Details:

Alec Warner discovered that xdiagnose improperly handled temporary files
in welcome.py when creating user-initiated archive files. While
failsafeX does not use the vulnerable code, this update removes this
functionality to protect any 3rd party applications which import the
vulnerable code. In the default Ubuntu installation, this should be
prevented by the Yama link restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
xdiagnose 2.5.2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1591-1
https://launchpad.net/bugs/1036211

Package Information:
https://launchpad.net/ubuntu/+source/xdiagnose/2.5.2ubuntu0.1



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIbBAEBCgAGBQJQa0cLAAoJEFHb3FjMVZVzrYsP9Am30mCdGs6nEfuK162Kxi8j
e/ByGns5xVxZoHgWyi54Jo9HD9d7rjtEdJoFWFVitTQGJlHq1CLrHhdSvXiKXIUe
W1LaL5LP/8uGkAM1/HyBHG8vVNrh9T5PkB48AIdie0vhE3nvcRA1O3wcBqwzMFS7
6xIUoK9R9USmXfX2pkD1Mr2LMAxfRF0FLijAX/heQU3JiHuUlSHCcbyVcoiaAEFN
k00uZMKUOWqn4kXfl9FvMbsxSN+Xg9pzQ/CN1byjWc/im8cVakU9I5kKQbp+t4FL
ntN0PttVGn/9/+Rj2Pswa3zjGgnABitE0bEr3zYrwxfibLoVoqifR717731eFTXD
dXbCx667rFtuwkEqssZjcwnovBqrfiG8cBeOxoDXie7vE7Z5alMoPRxOX8ZR1xuE
KFP7pWSDp5aIJI7jp6yWO00puYuiW8gfjQ05fOiuUsLiCtFlY4W6Mz2FL3sXDtcw
qywTqAj6O+AJiB+h0BFSaXEa7rZa8ZGbESR3QXSDW7UEssYuIEDlGsw6x7KZ1zFz
AtL2dwFgqMBKRZCSmnaksMj6DnHLR8XNioXBoPAIF7VD2vT0r+siHpuvpAxxSd8y
6GnDeAzWSevR/Pq/2nzZPC/+07/EJa69CqxyzI43ZYb8oeZve52MmfFNaAgS1zkM
/6u26JNyATb75G0cYdc=
=bAqp
-----END PGP SIGNATURE-----



------------------------------

Message: 3
Date: Tue, 02 Oct 2012 15:27:59 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1592-1] Python 2.7 vulnerabilities
Message-ID: <506B4E4F.9090103@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1592-1
October 02, 2012

python2.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Several security issues were fixed in Python 2.7.

Software Description:
- python2.7: An interactive high-level object-oriented language
(version 2.7)

Details:

Niels Heinen discovered that the urllib and urllib2 modules would
process Location headers that specify a redirection to file: URLs. A
remote attacker could exploit this to obtain sensitive information or
cause a denial of service. This issue only affected Ubuntu 11.04.
(CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter
in the Content-Type HTTP header. An attacker could potentially exploit
this to conduct cross-site scripting (XSS) attacks against Internet
Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when
creating the ~/.pypirc file. A local attacker could exploit this to
obtain sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its
input when handling HTTP POST requests. A remote attacker could exploit
this to cause a denial of service via excessive CPU utilization.
(CVE-2012-0845)

It was discovered that Python was susceptible to hash algorithm attacks.
An attacker could cause a denial of service under certian circumstances.
This updates adds the '-R' command line option and honors setting the
PYTHONHASHSEED environment variable to 'random' to salt str and datetime
objects with an unpredictable value. (CVE-2012-1150)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
python2.7 2.7.2-5ubuntu1.1
python2.7-minimal 2.7.2-5ubuntu1.1

Ubuntu 11.04:
python2.7 2.7.1-5ubuntu2.2
python2.7-minimal 2.7.1-5ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1592-1
CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845,
CVE-2012-1150

Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.2-5ubuntu1.1
https://launchpad.net/ubuntu/+source/python2.7/2.7.1-5ubuntu2.2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121002/422616e0/attachment-0001.pgp>

------------------------------

Message: 4
Date: Tue, 02 Oct 2012 16:47:04 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1593-1] devscripts vulnerabilities
Message-ID: <506B52C8.8060404@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1593-1
October 02, 2012

devscripts vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in devscripts.

Software Description:
- devscripts: scripts to make the life of a Debian Package maintainer easier

Details:

Raphael Geissert discovered that the debdiff.pl tool incorrectly handled
shell metacharacters. If a user or automated system were tricked into
processing a specially crafted filename, a remote attacher could possibly
execute arbitrary code. (CVE-2012-0212)

Raphael Geissert discovered that the dscverify tool incorrectly escaped
arguments to external commands. If a user or automated system were tricked
into processing specially crafted files, a remote attacher could possibly
execute arbitrary code. (CVE-2012-2240)

Raphael Geissert discovered that the dget tool incorrectly performed input
validation. If a user or automated system were tricked into processing
specially crafted files, a remote attacher could delete arbitrary files.
(CVE-2012-2241)

Raphael Geissert discovered that the dget tool incorrectly escaped
arguments to external commands. If a user or automated system were tricked
into processing specially crafted files, a remote attacher could possibly
execute arbitrary code. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 11.04. (CVE-2012-2242)

Jim Meyering discovered that the annotate-output tool incorrectly handled
temporary files. A local attacker could use this flaw to alter files being
processed by the annotate-output tool. On Ubuntu 11.04 and later, this
issue was mitigated by the Yama kernel symlink restrictions.
(CVE-2012-3500)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
devscripts 2.11.6ubuntu1.4

Ubuntu 11.10:
devscripts 2.11.1ubuntu3.2

Ubuntu 11.04:
devscripts 2.10.69ubuntu2.2

Ubuntu 10.04 LTS:
devscripts 2.10.61ubuntu5.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1593-1
CVE-2012-0212, CVE-2012-2240, CVE-2012-2241, CVE-2012-2242,
CVE-2012-3500

Package Information:
https://launchpad.net/ubuntu/+source/devscripts/2.11.6ubuntu1.4
https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.2
https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.2
https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.3


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121002/a5208f77/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 97, Issue 2
*******************************************************