Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1976-1] Linux kernel vulnerabilities (John Johansen)
2. [USN-1979-1] txt2man vulnerability (Marc Deslauriers)
3. [USN-1977-1] Linux kernel (EC2) vulnerabilities (John Johansen)
4. [USN-1978-1] libKDcraw vulnerabilities (Marc Deslauriers)
5. [USN-1980-1] Vino vulnerability (Marc Deslauriers)
6. [USN-1981-1] HPLIP vulnerabilities (Marc Deslauriers)
----------------------------------------------------------------------
Message: 1
Date: Mon, 30 Sep 2013 10:24:31 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1976-1] Linux kernel vulnerabilities
Message-ID: <5249B3CF.9020102@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1976-1
September 30, 2013
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
An information leak was discovered in the handling of ICMPv6 Router
Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A
remote attacker could exploit this flaw to cause a denial of service
(excessive retries and address-generation outage), and consequently obtain
sensitive information. (CVE-2013-0343)
Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of
the Linux kernel. A physically proximate attacker could exploit this flaw
to execute arbitrary code or cause a denial of service (heap memory
corruption) via a specially crafted device that provides an invalid Report
ID. (CVE-2013-2888)
Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem
of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically
proximate attacker could cause a denial of service (heap out-of-bounds
write) via a specially crafted device. (CVE-2013-2892)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-52-386 2.6.32-52.114
linux-image-2.6.32-52-generic 2.6.32-52.114
linux-image-2.6.32-52-generic-pae 2.6.32-52.114
linux-image-2.6.32-52-ia64 2.6.32-52.114
linux-image-2.6.32-52-lpia 2.6.32-52.114
linux-image-2.6.32-52-powerpc 2.6.32-52.114
linux-image-2.6.32-52-powerpc-smp 2.6.32-52.114
linux-image-2.6.32-52-powerpc64-smp 2.6.32-52.114
linux-image-2.6.32-52-preempt 2.6.32-52.114
linux-image-2.6.32-52-server 2.6.32-52.114
linux-image-2.6.32-52-sparc64 2.6.32-52.114
linux-image-2.6.32-52-sparc64-smp 2.6.32-52.114
linux-image-2.6.32-52-versatile 2.6.32-52.114
linux-image-2.6.32-52-virtual 2.6.32-52.114
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1976-1
CVE-2013-0343, CVE-2013-2888, CVE-2013-2892
Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-52.114
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130930/2a415f92/attachment-0001.pgp>
------------------------------
Message: 2
Date: Mon, 30 Sep 2013 13:24:58 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1979-1] txt2man vulnerability
Message-ID: <5249B3EA.6060907@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1979-1
September 30, 2013
txt2man vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
txt2man could be made to overwrite files.
Software Description:
- txt2man: Converts flat ASCII text to man page format
Details:
Patrick J Cherry discovered that txt2man contained leftover debugging code
that incorrectly created a temporary file. A local attacker could possibly
use this issue to overwrite arbitrary files. In the default Ubuntu
installation, this should be prevented by the Yama link restrictions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
txt2man 1.5.5-4ubuntu0.13.04.1
Ubuntu 12.10:
txt2man 1.5.5-4ubuntu0.12.10.1
Ubuntu 12.04 LTS:
txt2man 1.5.5-4ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1979-1
CVE-2013-1444
Package Information:
https://launchpad.net/ubuntu/+source/txt2man/1.5.5-4ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/txt2man/1.5.5-4ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/txt2man/1.5.5-4ubuntu0.12.04.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130930/4ba8b1d1/attachment-0001.pgp>
------------------------------
Message: 3
Date: Mon, 30 Sep 2013 10:25:04 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1977-1] Linux kernel (EC2) vulnerabilities
Message-ID: <5249B3F0.9090809@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1977-1
September 30, 2013
linux-ec2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ec2: Linux kernel for EC2
Details:
An information leak was discovered in the handling of ICMPv6 Router
Advertisement (RA) messages in the Linux kernel's IPv6 network stack. A
remote attacker could exploit this flaw to cause a denial of service
(excessive retries and address-generation outage), and consequently obtain
sensitive information. (CVE-2013-0343)
Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem of
the Linux kernel. A physically proximate attacker could exploit this flaw
to execute arbitrary code or cause a denial of service (heap memory
corruption) via a specially crafted device that provides an invalid Report
ID. (CVE-2013-2888)
Kees Cook discovered a flaw in the Human Interface Device (HID) subsystem
of the Linux kernel when CONFIG_HID_PANTHERLORD is enabled. A physically
proximate attacker could cause a denial of service (heap out-of-bounds
write) via a specially crafted device. (CVE-2013-2892)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-357-ec2 2.6.32-357.70
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1977-1
CVE-2013-0343, CVE-2013-2888, CVE-2013-2892
Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-357.70
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130930/36f55993/attachment-0001.pgp>
------------------------------
Message: 4
Date: Mon, 30 Sep 2013 13:24:24 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1978-1] libKDcraw vulnerabilities
Message-ID: <5249B3C8.8010104@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1978-1
September 30, 2013
libkdcraw vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
libKDcraw could be made to crash if it opened a specially crafted file.
Software Description:
- libkdcraw: RAW picture decoding library
Details:
It was discovered that libKDcraw incorrectly handled photo files. If a user
or automated system were tricked into processing a specially crafted photo
file, applications linked against libKDcraw could be made to crash,
resulting in a denial of service. (CVE-2013-1438, CVE-2013-1439)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libkdcraw20 4:4.8.5-0ubuntu0.3
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1978-1
CVE-2013-1438, CVE-2013-1439
Package Information:
https://launchpad.net/ubuntu/+source/libkdcraw/4:4.8.5-0ubuntu0.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130930/cce9c62a/attachment-0001.pgp>
------------------------------
Message: 5
Date: Mon, 30 Sep 2013 13:25:16 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1980-1] Vino vulnerability
Message-ID: <5249B3FC.7040902@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1980-1
September 30, 2013
vino vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Vino could be made to hang if it received specially crafted network
traffic.
Software Description:
- vino: VNC server for GNOME
Details:
Jonathan Claudius discovered that Vino incorrectly handled closing invalid
connections. A remote attacker could use this issue to cause Vino to
consume resources, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
vino 3.6.2-0ubuntu4.1
Ubuntu 12.10:
vino 3.6.0-0ubuntu1.2
Ubuntu 12.04 LTS:
vino 3.4.2-0ubuntu1.3
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1980-1
CVE-2013-5745
Package Information:
https://launchpad.net/ubuntu/+source/vino/3.6.2-0ubuntu4.1
https://launchpad.net/ubuntu/+source/vino/3.6.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/vino/3.4.2-0ubuntu1.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130930/2784e16e/attachment-0001.pgp>
------------------------------
Message: 6
Date: Mon, 30 Sep 2013 14:51:47 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1981-1] HPLIP vulnerabilities
Message-ID: <5249C843.10307@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1981-1
September 30, 2013
hplip vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
HPLIP could be made to overwrite files.
Software Description:
- hplip: HP Linux Printing and Imaging System (HPLIP)
Details:
It was discovered that HPLIP incorrectly handled temporary files when using
the fax capabilities. A local attacker could possibly use this issue to
overwrite arbitrary files. This issue only applied to Ubuntu 10.04 LTS.
(CVE-2011-2722)
Tim Waugh discovered that HPLIP incorrectly handled temporary files when
printing. A local attacker could possibly use this issue to overwrite
arbitrary files. In the default installation of Ubuntu 12.04 LTS and Ubuntu
12.10, this should be prevented by the Yama link restrictions.
(CVE-2013-0200)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
hplip 3.12.6-3ubuntu4.2
Ubuntu 12.04 LTS:
hplip 3.12.2-1ubuntu3.3
Ubuntu 10.04 LTS:
hplip 3.10.2-2ubuntu2.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1981-1
CVE-2011-2722, CVE-2013-0200
Package Information:
https://launchpad.net/ubuntu/+source/hplip/3.12.6-3ubuntu4.2
https://launchpad.net/ubuntu/+source/hplip/3.12.2-1ubuntu3.3
https://launchpad.net/ubuntu/+source/hplip/3.10.2-2ubuntu2.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130930/140b9b03/attachment.pgp>
------------------------------
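The txt2man (USN-1979-1) and HPLIP (USN-1981-1) notices above describe the same class of bug: a temporary file at a predictable path in a shared directory, which another local user can create first so that the program's write lands on a different file. The following is an added example written for this page, not code from txt2man, HPLIP or Ubuntu; the program names, file names and paths in it are constructed. It shows the vulnerable naming pattern, the `mkstemp` fix, the `O_NOFOLLOW`-plus-`fstat` fix for when the name cannot change, and a reader for the `fs.protected_symlinks` sysctl that the notices call the Yama link restrictions.

```python
import os
import stat
import tempfile

# Constructed illustration, not code from txt2man, HPLIP or Ubuntu: the shape of the
# temporary-file bug the txt2man and HPLIP notices describe, beside two fixes for it.


def predictable_temp_path(program, tmpdir="/tmp"):
    """The vulnerable pattern: a fixed name in a shared, world-writable directory.
    Every run uses the same path, so any local user can create something there
    first; an O_CREAT|O_TRUNC open then writes through whatever is already present."""
    return os.path.join(tmpdir, f"{program}.tmp")


def mkstemp_write(data, program, tmpdir=None):
    """Fix 1 (preferred): mkstemp picks an unpredictable name and opens it with
    O_CREAT|O_EXCL and mode 0600, so a pre-existing path can never be reused."""
    fd, path = tempfile.mkstemp(prefix=f"{program}-", dir=tmpdir)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def open_fixed_path_safely(path):
    """Fix 2, when the name really must be fixed: O_NOFOLLOW makes the open fail
    (ELOOP) on a symlink, and fstat on the opened descriptor, not a separate
    check-then-use, confirms a regular file we own with no other hard links."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    st = os.fstat(fd)
    if not (stat.S_ISREG(st.st_mode) and st.st_uid == os.geteuid() and st.st_nlink == 1):
        os.close(fd)
        raise PermissionError(f"{path}: not a private regular file")
    return fd


def yama_protected_symlinks():
    """Value of fs.protected_symlinks (the Yama link restriction the notices cite),
    or None where the sysctl does not exist. With 1, a symlink in a sticky
    world-writable directory is followed only when its owner matches the follower
    or the directory owner, which is why the notices expect a default Ubuntu
    install to be protected even before the package update."""
    try:
        with open("/proc/sys/fs/protected_symlinks") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def demo():
    """Exercise the helpers inside a private directory; returns what each did."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        results["predictable_is_fixed"] = (
            predictable_temp_path("hp-fax", d) == predictable_temp_path("hp-fax", d))
        p1 = mkstemp_write(b"page 1", "txt2man", d)
        p2 = mkstemp_write(b"page 2", "txt2man", d)
        results["mkstemp_unique"] = p1 != p2
        results["mkstemp_mode"] = stat.S_IMODE(os.stat(p1).st_mode)
        fd = open_fixed_path_safely(os.path.join(d, "fixed.tmp"))  # fresh file: accepted
        os.close(fd)
        link = os.path.join(d, "existing-link")
        os.symlink(p2, link)  # a symlink already sitting at the fixed name: refused
        try:
            open_fixed_path_safely(link)
            results["symlink_refused"] = False
        except OSError:  # ELOOP from O_NOFOLLOW
            results["symlink_refused"] = True
    results["yama"] = yama_protected_symlinks()
    return results


if __name__ == "__main__":
    print(demo())
```

The point of `open_fixed_path_safely()` is that the ownership and link-count checks run on the descriptor that was actually opened, so there is no window between a path check and the write; a separate `lstat` before `open` would reintroduce exactly the race the notices describe. `yama_protected_symlinks()` returning 1 on a host is the condition under which the notices say the overwrite "should be prevented" on a default install, but the package update is still the fix.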
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 108, Issue 14
*********************************************************