
Thursday, August 15, 2013

ubuntu-security-announce Digest, Vol 107, Issue 3

Today's Topics:

1. [USN-1926-1] SPICE vulnerability (Marc Deslauriers)
2. [USN-1927-1] libimobiledevice vulnerability (Marc Deslauriers)


----------------------------------------------------------------------

Message: 1
Date: Wed, 14 Aug 2013 11:25:41 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1926-1] SPICE vulnerability
Message-ID: <520BA175.1030007@canonical.com>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1926-1
August 14, 2013

spice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04

Summary:

SPICE could be made to crash if it received specially crafted network
traffic.

Software Description:
- spice: SPICE protocol client and server library

Details:

David Gibson discovered that SPICE incorrectly handled certain network
errors. An attacker could use this issue to cause the SPICE server to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libspice-server1 0.12.2-0nocelt2expubuntu1.1

After a standard system update you need to restart applications using the
SPICE protocol, such as QEMU, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1926-1
CVE-2013-4130

Package Information:
https://launchpad.net/ubuntu/+source/spice/0.12.2-0nocelt2expubuntu1.1


------------------------------

Message: 2
Date: Wed, 14 Aug 2013 14:58:21 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1927-1] libimobiledevice vulnerability
Message-ID: <520BD34D.4090005@canonical.com>
Content-Type: text/plain; charset="utf-8"

==========================================================================
Ubuntu Security Notice USN-1927-1
August 14, 2013

libimobiledevice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10

Summary:

libimobiledevice could be made to overwrite files as the administrator, or
access device keys.

Software Description:
- libimobiledevice: Library for communicating with iPhone and iPod Touch devices

Details:

Paul Collins discovered that libimobiledevice incorrectly handled temporary
files. A local attacker could possibly use this issue to overwrite
arbitrary files and access device keys. In the default Ubuntu installation,
this issue should be mitigated by the Yama link restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libimobiledevice3 1.1.4-1ubuntu6.2

Ubuntu 12.10:
libimobiledevice3 1.1.4-1ubuntu3.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1927-1
CVE-2013-2142

Package Information:
https://launchpad.net/ubuntu/+source/libimobiledevice/1.1.4-1ubuntu6.2
https://launchpad.net/ubuntu/+source/libimobiledevice/1.1.4-1ubuntu3.2


------------------------------


End of ubuntu-security-announce Digest, Vol 107, Issue 3
********************************************************
