ubuntu-security-announce Digest, Vol 101, Issue 7

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1727-1] Boost vulnerability (Marc Deslauriers)
2. [USN-1728-1] Linux kernel (EC2) vulnerability (John Johansen)


----------------------------------------------------------------------

Message: 1
Date: Mon, 18 Feb 2013 08:44:44 -0500
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1727-1] Boost vulnerability
Message-ID: <5122304C.40001@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1727-1
February 18, 2013

boost1.49 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Boost incorrectly validated certain UTF-8 sequences.

Software Description:
- boost1.49: C++ representation of time duration, time point, and clocks

Details:

It was discovered that the Boost.Locale library incorrectly validated some
invalid UTF-8 sequences. An attacker could possibly use this issue to
bypass input validation in certain applications.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libboost-locale1.49.0 1.49.0-3.1ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1727-1
CVE-2013-0252

Package Information:
https://launchpad.net/ubuntu/+source/boost1.49/1.49.0-3.1ubuntu1.2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130218/de5771fc/attachment-0001.pgp>

------------------------------

Message: 2
Date: Mon, 18 Feb 2013 21:03:43 -0800
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1728-1] Linux kernel (EC2) vulnerability
Message-ID: <512307AF.4020808@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1728-1
February 19, 2013

linux-ec2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

Andrew Cooper of Citrix reported a Xen stack corruption in the Linux
kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest
kernel to crash, or operate erroneously.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-350-ec2 2.6.32-350.60

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1728-1
CVE-2013-0190

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-350.60

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130218/65d3afac/attachment-0001.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 101, Issue 7
********************************************************