News

Friday, May 10, 2013

ubuntu-security-announce Digest, Vol 104, Issue 7


Today's Topics:

1. [USN-1821-1] telepathy-idle vulnerability (Marc Deslauriers)
2. Ubuntu 10.04 (Lucid Lynx) Desktop End of Life reached on May
9, 2013 (Adam Conrad)
3. Ubuntu 8.04 (Hardy Heron) End of Life reached on May 9, 2013
(Adam Conrad)
4. Ubuntu 11.10 (Oneiric Ocelot) End of Life reached on May 9,
2013 (Adam Conrad)


----------------------------------------------------------------------

Message: 1
Date: Thu, 09 May 2013 10:54:31 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1821-1] telepathy-idle vulnerability
Message-ID: <518BB8A7.40501@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1821-1
May 09, 2013

telepathy-idle vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

telepathy-idle could be made to expose sensitive information over the
network.

Software Description:
- telepathy-idle: IRC connection manager for Telepathy

Details:

It was discovered that telepathy-idle did not perform any server
certificate validation when using SSL connections. If a remote attacker
were able to perform a man-in-the-middle attack, this flaw could be
exploited to alter or compromise confidential information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
telepathy-idle 0.1.14-1ubuntu0.1

Ubuntu 12.10:
telepathy-idle 0.1.12-1ubuntu0.1

Ubuntu 12.04 LTS:
telepathy-idle 0.1.11-2ubuntu0.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1821-1
CVE-2007-6746

Package Information:
https://launchpad.net/ubuntu/+source/telepathy-idle/0.1.14-1ubuntu0.1
https://launchpad.net/ubuntu/+source/telepathy-idle/0.1.12-1ubuntu0.1
https://launchpad.net/ubuntu/+source/telepathy-idle/0.1.11-2ubuntu0.1


------------------------------

Message: 2
Date: Thu, 9 May 2013 14:03:39 -0600
From: Adam Conrad <adconrad@ubuntu.com>
To: ubuntu-announce@lists.ubuntu.com
Cc: ubuntu-security-announce@lists.ubuntu.com
Subject: Ubuntu 10.04 (Lucid Lynx) Desktop End of Life reached on May
9, 2013
Message-ID: <20130509200338.GR29056@0c3.net>
Content-Type: text/plain; charset=us-ascii

This is a follow-up to the End of Life warning sent last month to
confirm that as of today (May 9, 2013), Ubuntu 10.04 Desktop is no
longer supported. This announcement is for the desktop product only,
Ubuntu 10.04 Server is still supported for another two years.

The original End of Life warning follows, with upgrade instructions:

Ubuntu announced its 10.04 (Lucid Lynx) release almost 3 years ago,
on April 29, 2010. As with the earlier LTS releases, Ubuntu committed
to ongoing security and critical fixes for a period of 3 years on the
desktop. The support period is now nearing its end and Ubuntu 10.04
Desktop will reach end of life on Thursday, May 9th. At that time,
Ubuntu Security Notices will no longer include information or updated
packages for Ubuntu 10.04 Desktop. Ubuntu 10.04 Server continues to
be supported for another 2 years.

The supported upgrade path from Ubuntu 10.04 is via Ubuntu 12.04.
Instructions and caveats for the upgrade may be found at
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 12.04
continues to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad



------------------------------

Message: 3
Date: Thu, 9 May 2013 14:05:04 -0600
From: Adam Conrad <adconrad@ubuntu.com>
To: ubuntu-announce@lists.ubuntu.com
Cc: ubuntu-security-announce@lists.ubuntu.com
Subject: Ubuntu 8.04 (Hardy Heron) End of Life reached on May 9, 2013
Message-ID: <20130509200504.GS29056@0c3.net>
Content-Type: text/plain; charset=us-ascii

This is a follow-up to the End of Life warning sent last month to
confirm that as of today (May 9, 2013), Ubuntu 8.04 is no longer
supported. No more package updates will be accepted to 8.04, and
it will be archived to old-releases.ubuntu.com in the coming weeks.

The original End of Life warning follows, with upgrade instructions:

Ubuntu announced its 8.04 (Hardy Heron) release almost 5 years ago,
on April 24, 2008. As with the earlier LTS releases, Ubuntu committed
to ongoing security and critical fixes for a period of 5 years. The
support period is now nearing its end and Ubuntu 8.04 will reach end
of life on Thursday, May 9th. At that time, Ubuntu Security Notices
will no longer include information or updated packages for Ubuntu 8.04.

The supported upgrade path from Ubuntu 8.04 is via Ubuntu 10.04.
Users are encouraged to evaluate and upgrade to our latest 12.04 LTS
release via 10.04. Instructions and caveats for the upgrades may be
found at https://help.ubuntu.com/community/LucidUpgrades and
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 10.04 and
12.04 continue to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad



------------------------------

Message: 4
Date: Thu, 9 May 2013 14:06:34 -0600
From: Adam Conrad <adconrad@ubuntu.com>
To: ubuntu-announce@lists.ubuntu.com
Cc: ubuntu-security-announce@lists.ubuntu.com
Subject: Ubuntu 11.10 (Oneiric Ocelot) End of Life reached on May 9,
2013
Message-ID: <20130509200634.GT29056@0c3.net>
Content-Type: text/plain; charset=us-ascii

This is a follow-up to the End of Life warning sent last month to
confirm that as of today (May 9, 2013), Ubuntu 11.10 is no longer
supported. No more package updates will be accepted to 11.10, and
it will be archived to old-releases.ubuntu.com in the coming weeks.

The original End of Life warning follows, with upgrade instructions:

Ubuntu announced its 11.10 (Oneiric Ocelot) release almost 18 months
ago, on October 13, 2011. As with the earlier releases, Ubuntu
committed to ongoing security and critical fixes for a period of 18
months. The support period is now nearing its end and Ubuntu 11.10
will reach end of life on Thursday, May 9th. At that time, Ubuntu
Security Notices will no longer include information or updated
packages for Ubuntu 11.10.

The supported upgrade path from Ubuntu 11.10 is via Ubuntu 12.04.
Instructions and caveats for the upgrade may be found at
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 12.04
continues to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad



------------------------------
