Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-2143-1] cups-filters vulnerabilities (Marc Deslauriers)
2. [USN-2144-1] CUPS vulnerabilities (Marc Deslauriers)
3. [USN-2145-1] libssh vulnerability (Marc Deslauriers)
----------------------------------------------------------------------
Message: 1
Date: Wed, 12 Mar 2014 08:19:15 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-2143-1] cups-filters vulnerabilities
Message-ID: <532050C3.9010806@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-2143-1
March 12, 2014
cups-filters vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
cups-filters could be made to run programs as the lp user if it processed a
specially crafted file.
Software Description:
- cups-filters: OpenPrinting CUPS Filters
Details:
Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. This issue only
affected Ubuntu 13.10. (CVE-2013-6473)
Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. (CVE-2013-6474,
CVE-2013-6475)
Florian Weimer discovered that cups-filters did not restrict driver
directories in the pdftoopvp filter. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
cups-filters 1.0.40-0ubuntu1.1
Ubuntu 12.10:
cups-filters 1.0.24-2ubuntu0.2
Ubuntu 12.04 LTS:
cups-filters 1.0.18-0ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2143-1
CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
Package Information:
https://launchpad.net/ubuntu/+source/cups-filters/1.0.40-0ubuntu1.1
https://launchpad.net/ubuntu/+source/cups-filters/1.0.24-2ubuntu0.2
https://launchpad.net/ubuntu/+source/cups-filters/1.0.18-0ubuntu0.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20140312/d286505c/attachment-0001.pgp>
------------------------------
Message: 2
Date: Wed, 12 Mar 2014 08:19:49 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-2144-1] CUPS vulnerabilities
Message-ID: <532050E5.5090905@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-2144-1
March 12, 2014
cups vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
CUPS could be made to run programs as the lp user if it processed a
specially crafted file.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package incorrectly handled memory. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6474, CVE-2013-6475)
Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package did not restrict driver directories. An attacker could possibly use
this issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2144-1
CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
Package Information:
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.10
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20140312/0e33b039/attachment-0001.pgp>
------------------------------
Message: 3
Date: Wed, 12 Mar 2014 09:42:12 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-2145-1] libssh vulnerability
Message-ID: <53206434.9080603@canonical.com>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-2145-1
March 12, 2014
libssh vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
A security issue was fixed in libssh.
Software Description:
- libssh: A tiny C SSH library
Details:
Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to
be reused when implementing forking servers. This could allow an attacker
to possibly obtain information about the state of the PRNG and perform
cryptographic attacks.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libssh-4 0.5.4-1ubuntu0.1
Ubuntu 12.10:
libssh-4 0.5.2-1ubuntu0.12.10.3
Ubuntu 12.04 LTS:
libssh-4 0.5.2-1ubuntu0.12.04.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2145-1
CVE-2014-0017
Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.5.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.10.3
https://launchpad.net/ubuntu/+source/libssh/0.5.2-1ubuntu0.12.04.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20140312/ca8d7654/attachment-0001.pgp>
------------------------------
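Added example, not part of the advisory and not libssh or OpenSSL code: USN-2145-1 describes PRNG state being reused across forked server processes. This sketch uses a toy xorshift64 generator as a stand-in (all names are hypothetical) to show that children forked from the same parent inherit identical state and emit identical output, and that folding per-process data into the state after fork() breaks the collision.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Toy user-space PRNG (xorshift64): a stand-in for a library pool, not OpenSSL's. */
static uint64_t prng_state = 0x9E3779B97F4A7C15ULL; /* constructed seed */

static uint64_t prng_next(void) {
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 7;
    prng_state ^= prng_state << 17;
    return prng_state;
}

/* Post-fork mitigation (assumed approach): mix process-unique data into the state. */
static void prng_reseed_after_fork(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    prng_state ^= ((uint64_t)getpid() << 32) ^ (uint64_t)ts.tv_nsec;
    if (prng_state == 0) prng_state = 1; /* xorshift state must be non-zero */
}

/* Fork one child, let it draw one value, and read that value back over a pipe. */
static uint64_t child_draw(int reseed) {
    int fd[2];
    uint64_t v = 0;
    if (pipe(fd) != 0) return 0;
    pid_t pid = fork();
    if (pid == 0) {
        if (reseed) prng_reseed_after_fork();
        v = prng_next();
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);
    if (read(fd[0], &v, sizeof v) != (ssize_t)sizeof v) v = 0;
    close(fd[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return v;
}

/* Returns 1 when two successive children produce the same "random" value. */
int children_collide(int reseed) {
    return child_draw(reseed) == child_draw(reseed);
}

int main(void) { return (children_collide(0) && !children_collide(1)) ? 0 : 1; }
```

The parent never advances the generator between forks, which mirrors a forking server that only uses the PRNG inside its per-connection children.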
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 114, Issue 9
********************************************************