News

Friday, March 29, 2013

ubuntu-security-announce Digest, Vol 102, Issue 15

Today's Topics:

1. [USN-1782-1] libxml2 vulnerability (Marc Deslauriers)
2. Ubuntu 8.04 (Hardy Heron) reaches End of Life on May 9 2013
(Adam Conrad)
3. Ubuntu 10.04 (Lucid Lynx) Desktop reaches End of Life on May
9 2013 (Adam Conrad)
4. Ubuntu 11.10 (Oneiric Ocelot) reaches End of Life on May 9
2013 (Adam Conrad)


----------------------------------------------------------------------

Message: 1
Date: Thu, 28 Mar 2013 10:23:12 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1782-1] libxml2 vulnerability
Message-ID: <51545250.3030407@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1782-1
March 28, 2013

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

libxml2 could be made to hang if it received specially crafted input.

Software Description:
- libxml2: GNOME XML library

Details:

It was discovered that libxml2 incorrectly handled XML entity expansion.
An attacker could use this flaw to cause libxml2 to consume large amounts
of resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libxml2 2.8.0+dfsg1-5ubuntu2.2

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.4

Ubuntu 11.10:
libxml2 2.7.8.dfsg-4ubuntu0.6

Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.8

Ubuntu 8.04 LTS:
libxml2 2.6.31.dfsg-2ubuntu1.12

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1782-1
CVE-2013-0338

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.8.0+dfsg1-5ubuntu2.2
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.4
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.6
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.8
https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.12
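
The following is an added example, not part of the advisory and not libxml2's fix: a pre-parse check that computes how large a document's internal entities would become without expanding them, so oversized or recursive input can be rejected before it reaches a parser. The function names, thresholds and sample document are assumptions made for illustration.

```python
import re

# Scope (assumption): internal general entities declared as <!ENTITY name "value">.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')

def expanded_sizes(xml_text):
    """Map each declared entity to its fully expanded length, without expanding it."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        decls.setdefault(m.group(1), m.group(3))  # XML: first declaration wins
    sizes, visiting = {}, set()

    def size(name):
        if name in sizes:
            return sizes[name]
        if name in visiting:
            raise ValueError("recursive entity: " + name)
        visiting.add(name)
        sizes[name] = _measure(decls[name], size, decls)
        visiting.discard(name)
        return sizes[name]

    for name in decls:
        size(name)
    return sizes

def _measure(text, size, known):
    """Length of text once every known entity reference in it is expanded."""
    literal = len(ENTITY_REF.sub("", text))
    # Undeclared or predefined references (&amp; etc.) count as one character.
    return literal + sum(size(r) if r in known else 1 for r in ENTITY_REF.findall(text))

def check_document(xml_text, max_expanded=1_000_000, max_ratio=20):
    """Return (accept, reason); call before handing xml_text to a real parser."""
    try:
        sizes = expanded_sizes(xml_text)
    except (ValueError, RecursionError) as exc:
        return False, str(exc) or "entity nesting too deep"
    body = ENTITY_DECL.sub("", xml_text)
    total = _measure(body, sizes.__getitem__, sizes)
    if total > max_expanded or total > max_ratio * len(xml_text):
        return False, "expands to %d chars from %d" % (total, len(xml_text))
    return True, "ok"

# Constructed sample: four entity levels, each referencing the previous one ten times.
SAMPLE = ('<!DOCTYPE r [<!ENTITY a "xxxxxxxxxx">'
          + "".join('<!ENTITY %s "%s">' % (n, ("&%s;" % p) * 10) for p, n in ("ab", "bc", "cd"))
          + ']><r>&d;</r>')
```

Because sizes are memoized per entity, the check runs in time proportional to the size of the declarations, however large the expansion would be.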



------------------------------

Message: 2
Date: Fri, 29 Mar 2013 00:12:06 -0600
From: Adam Conrad <adconrad@ubuntu.com>
To: ubuntu-announce@lists.ubuntu.com
Cc: ubuntu-security-announce@lists.ubuntu.com
Subject: Ubuntu 8.04 (Hardy Heron) reaches End of Life on May 9 2013
Message-ID: <20130329061206.GY29056@0c3.net>
Content-Type: text/plain; charset=us-ascii

Ubuntu announced its 8.04 (Hardy Heron) release almost 5 years ago,
on April 24, 2008. As with the earlier LTS releases, Ubuntu committed
to ongoing security and critical fixes for a period of 5 years. The
support period is now nearing its end and Ubuntu 8.04 will reach end
of life on Thursday, May 9th. At that time, Ubuntu Security Notices
will no longer include information or updated packages for Ubuntu 8.04.

The supported upgrade path from Ubuntu 8.04 is via Ubuntu 10.04.
Users are encouraged to evaluate and upgrade to our latest 12.04 LTS
release via 10.04. Instructions and caveats for the upgrades may be
found at https://help.ubuntu.com/community/LucidUpgrades and
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 10.04 and
12.04 continue to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad



------------------------------

Message: 3
Date: Fri, 29 Mar 2013 00:12:59 -0600
From: Adam Conrad <adconrad@ubuntu.com>
To: ubuntu-announce@lists.ubuntu.com
Cc: ubuntu-security-announce@lists.ubuntu.com
Subject: Ubuntu 10.04 (Lucid Lynx) Desktop reaches End of Life on May
9 2013
Message-ID: <20130329061259.GZ29056@0c3.net>
Content-Type: text/plain; charset=us-ascii

Ubuntu announced its 10.04 (Lucid Lynx) release almost 3 years ago,
on April 29, 2010. As with the earlier LTS releases, Ubuntu committed
to ongoing security and critical fixes for a period of 3 years on the
desktop. The support period is now nearing its end and Ubuntu 10.04
Desktop will reach end of life on Thursday, May 9th. At that time,
Ubuntu Security Notices will no longer include information or updated
packages for Ubuntu 10.04 Desktop. Ubuntu 10.04 Server continues to
be supported for another 2 years.

The supported upgrade path from Ubuntu 10.04 is via Ubuntu 12.04.
Instructions and caveats for the upgrade may be found at
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 12.04
continues to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad



------------------------------

Message: 4
Date: Fri, 29 Mar 2013 00:11:09 -0600
From: Adam Conrad <adconrad@ubuntu.com>
To: ubuntu-announce@lists.ubuntu.com
Cc: ubuntu-security-announce@lists.ubuntu.com
Subject: Ubuntu 11.10 (Oneiric Ocelot) reaches End of Life on May 9
2013
Message-ID: <20130329061109.GX29056@0c3.net>
Content-Type: text/plain; charset=us-ascii

Ubuntu announced its 11.10 (Oneiric Ocelot) release almost 18 months
ago, on October 13, 2011. As with the earlier releases, Ubuntu
committed to ongoing security and critical fixes for a period of 18
months. The support period is now nearing its end and Ubuntu 11.10
will reach end of life on Thursday, May 9th. At that time, Ubuntu
Security Notices will no longer include information or updated
packages for Ubuntu 11.10.

The supported upgrade path from Ubuntu 11.10 is via Ubuntu 12.04.
Instructions and caveats for the upgrade may be found at
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 12.04
continues to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad



------------------------------
