Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1674-1] Libav vulnerabilities (Marc Deslauriers)
2. [USN-1675-1] FFmpeg vulnerabilities (Marc Deslauriers)
3. [USN-1676-1] AppArmor update (Jamie Strandboge)
----------------------------------------------------------------------
Message: 1
Date: Wed, 19 Dec 2012 08:47:20 -0500
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1674-1] Libav vulnerabilities
Message-ID: <50D1C568.4070909@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1674-1
December 19, 2012
libav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
Libav could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
- libav: Multimedia player, server, encoder and transcoder
Details:
It was discovered that Libav incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libavcodec53 4:0.7.6-0ubuntu0.11.10.2
libavformat53 4:0.7.6-0ubuntu0.11.10.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1674-1
CVE-2012-2772, CVE-2012-2775, CVE-2012-2777, CVE-2012-2779,
CVE-2012-2784, CVE-2012-2786, CVE-2012-2788, CVE-2012-2789,
CVE-2012-2790, CVE-2012-2793, CVE-2012-2794, CVE-2012-2798,
CVE-2012-2800, CVE-2012-2801
Package Information:
https://launchpad.net/ubuntu/+source/libav/4:0.7.6-0ubuntu0.11.10.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121219/871f45c8/attachment-0001.pgp>
------------------------------
Message: 2
Date: Wed, 19 Dec 2012 08:47:42 -0500
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1675-1] FFmpeg vulnerabilities
Message-ID: <50D1C57E.4050302@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1675-1
December 19, 2012
ffmpeg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
FFmpeg could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
- ffmpeg: multimedia player, server and encoder
Details:
It was discovered that FFmpeg incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
libavcodec52 4:0.5.9-0ubuntu0.10.04.2
libavformat52 4:0.5.9-0ubuntu0.10.04.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1675-1
CVE-2012-2777, CVE-2012-2784, CVE-2012-2788, CVE-2012-2801
Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/4:0.5.9-0ubuntu0.10.04.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121219/a5c661db/attachment-0001.pgp>
------------------------------
Message: 3
Date: Wed, 19 Dec 2012 16:45:35 -0600
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1676-1] AppArmor update
Message-ID: <50D2438F.2040601@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1676-1
December 19, 2012
AppArmor update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Summary:
A weakness was discovered in the example AppArmor profile for
chromium-browser.
Software Description:
- apparmor: Linux security system
Details:
Dan Rosenberg discovered that the example AppArmor profile for
chromium-browser could be escaped by calling xdg-settings with a crafted
environment.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
apparmor-profiles 2.7.102-0ubuntu3.7
Ubuntu 11.10:
apparmor-profiles 2.7.0~beta1+bzr1774-1ubuntu2.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1676-1
https://launchpad.net/bugs/1045986
Package Information:
https://launchpad.net/ubuntu/+source/apparmor/2.7.102-0ubuntu3.7
https://launchpad.net/ubuntu/+source/apparmor/2.7.0~beta1+bzr1774-1ubuntu2.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20121219/f7d6ea42/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 99, Issue 10
********************************************************
News
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2012
(533)
-
▼
December
(10)
- ubuntu-security-announce Digest, Vol 99, Issue 12
- ubuntu-security-announce Digest, Vol 99, Issue 11
- ubuntu-security-announce Digest, Vol 99, Issue 10
- ubuntu-security-announce Digest, Vol 99, Issue 9
- ubuntu-security-announce Digest, Vol 99, Issue 8
- ubuntu-security-announce Digest, Vol 99, Issue 7
- ubuntu-security-announce Digest, Vol 99, Issue 4
- ubuntu-security-announce Digest, Vol 99, Issue 3
- ubuntu-security-announce Digest, Vol 99, Issue 2
- ubuntu-security-announce Digest, Vol 99, Issue 1
-
▼
December
(10)
No comments:
Post a Comment