ubuntu-security-announce Digest, Vol 105, Issue 4

Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com

You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."


Today's Topics:

1. [USN-1862-1] libxrandr vulnerability (Marc Deslauriers)
2. [USN-1855-1] libxcb vulnerability (Marc Deslauriers)
3. [USN-1865-1] libxt vulnerabilities (Marc Deslauriers)
4. [USN-1866-1] libxtst vulnerability (Marc Deslauriers)
5. [USN-1867-1] libxv vulnerabilities (Marc Deslauriers)
6. [USN-1870-1] libxxf86vm vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Wed, 05 Jun 2013 14:28:54 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1862-1] libxrandr vulnerability
Message-ID: <51AF8366.8010706@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1862-1
June 05, 2013

libxrandr, libxrandr-lts-quantal vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in libxrandr.

Software Description:
- libxrandr: X11 RandR extension library
- libxrandr-lts-quantal: X11 RandR extension library

Details:

Ilja van Sprundel discovered multiple security issues in various X.org
libraries and components. An attacker could use these issues to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libxrandr2 2:1.4.0-1ubuntu1.1

Ubuntu 12.10:
libxrandr2 2:1.4.0-1ubuntu0.1

Ubuntu 12.04 LTS:
libxrandr-ltsq2 2:1.4.0-1~precise2
libxrandr2 2:1.3.2-2ubuntu0.2

After a standard system update you need to restart your session to make all
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1862-1
CVE-2013-1986

Package Information:
https://launchpad.net/ubuntu/+source/libxrandr/2:1.4.0-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libxrandr/2:1.4.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxrandr/2:1.3.2-2ubuntu0.2

https://launchpad.net/ubuntu/+source/libxrandr-lts-quantal/2:1.4.0-1~precise2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130605/e4d10692/attachment-0001.pgp>

------------------------------

Message: 2
Date: Wed, 05 Jun 2013 14:26:38 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1855-1] libxcb vulnerability
Message-ID: <51AF82DE.60407@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1855-1
June 05, 2013

libxcb vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in libxcb.

Software Description:
- libxcb: X C Binding

Details:

Ilja van Sprundel discovered multiple security issues in various X.org
libraries and components. An attacker could use these issues to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libxcb1 1.8.1-2ubuntu2.1

Ubuntu 12.10:
libxcb1 1.8.1-1ubuntu1.1

Ubuntu 12.04 LTS:
libxcb1 1.8.1-1ubuntu0.2

Ubuntu 10.04 LTS:
libxcb1 1.5-2ubuntu0.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1855-1
CVE-2013-2064

Package Information:
https://launchpad.net/ubuntu/+source/libxcb/1.8.1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/libxcb/1.8.1-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libxcb/1.8.1-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libxcb/1.5-2ubuntu0.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130605/ed97441c/attachment.pgp>

------------------------------

Message: 3
Date: Wed, 05 Jun 2013 14:29:52 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1865-1] libxt vulnerabilities
Message-ID: <51AF83A0.4040908@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1865-1
June 05, 2013

libxt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in libxt.

Software Description:
- libxt: X11 toolkit intrinsics library

Details:

Ilja van Sprundel discovered multiple security issues in various X.org
libraries and components. An attacker could use these issues to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libxt6 1:1.1.3-1ubuntu0.13.04.1

Ubuntu 12.10:
libxt6 1:1.1.3-1ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libxt6 1:1.1.1-2ubuntu0.1

Ubuntu 10.04 LTS:
libxt6 1:1.0.7-1ubuntu0.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1865-1
CVE-2013-2002, CVE-2013-2005

Package Information:
https://launchpad.net/ubuntu/+source/libxt/1:1.1.3-1ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/libxt/1:1.1.3-1ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libxt/1:1.1.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libxt/1:1.0.7-1ubuntu0.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130605/b4f095e1/attachment.pgp>

------------------------------

Message: 4
Date: Wed, 05 Jun 2013 14:30:10 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1866-1] libxtst vulnerability
Message-ID: <51AF83B2.3070205@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1866-1
June 05, 2013

libxtst vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in libxtst.

Software Description:
- libxtst: X11 Record extension library

Details:

Ilja van Sprundel discovered multiple security issues in various X.org
libraries and components. An attacker could use these issues to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libxtst6 2:1.2.1-1ubuntu0.13.04.1

Ubuntu 12.10:
libxtst6 2:1.2.1-1ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libxtst6 2:1.2.0-4ubuntu0.1

Ubuntu 10.04 LTS:
libxtst6 2:1.1.0-2ubuntu0.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1866-1
CVE-2013-2063

Package Information:
https://launchpad.net/ubuntu/+source/libxtst/2:1.2.1-1ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/libxtst/2:1.2.1-1ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libxtst/2:1.2.0-4ubuntu0.1
https://launchpad.net/ubuntu/+source/libxtst/2:1.1.0-2ubuntu0.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130605/ceee39fc/attachment.pgp>

------------------------------

Message: 5
Date: Wed, 05 Jun 2013 14:30:29 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1867-1] libxv vulnerabilities
Message-ID: <51AF83C5.9010105@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1867-1
June 05, 2013

libxv vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in libxv.

Software Description:
- libxv: X11 Video extension library

Details:

Ilja van Sprundel discovered multiple security issues in various X.org
libraries and components. An attacker could use these issues to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libxv1 2:1.0.7-1ubuntu0.13.04.1

Ubuntu 12.10:
libxv1 2:1.0.7-1ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libxv1 2:1.0.6-2ubuntu0.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1867-1
CVE-2013-1989, CVE-2013-2066

Package Information:
https://launchpad.net/ubuntu/+source/libxv/2:1.0.7-1ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/libxv/2:1.0.7-1ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libxv/2:1.0.6-2ubuntu0.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130605/8c4b1fea/attachment.pgp>

------------------------------

Message: 6
Date: Wed, 05 Jun 2013 14:31:28 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1870-1] libxxf86vm vulnerability
Message-ID: <51AF8400.6040002@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"

==========================================================================
Ubuntu Security Notice USN-1870-1
June 05, 2013

libxxf86vm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in libxxf86vm.

Software Description:
- libxxf86vm: X11 XFree86 video mode extension library

Details:

Ilja van Sprundel discovered multiple security issues in various X.org
libraries and components. An attacker could use these issues to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libxxf86vm1 1:1.1.2-1ubuntu0.13.04.1

Ubuntu 12.10:
libxxf86vm1 1:1.1.2-1ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libxxf86vm1 1:1.1.1-2ubuntu0.1

Ubuntu 10.04 LTS:
libxxf86vm1 1:1.1.0-2ubuntu0.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1870-1
CVE-2013-2001

Package Information:
https://launchpad.net/ubuntu/+source/libxxf86vm/1:1.1.2-1ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/libxxf86vm/1:1.1.2-1ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/libxxf86vm/1:1.1.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libxxf86vm/1:1.1.0-2ubuntu0.1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130605/7d4f0593/attachment.pgp>

------------------------------

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


End of ubuntu-security-announce Digest, Vol 105, Issue 4
********************************************************