Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1494-1] Linux kernel (OMAP4) vulnerability (John Johansen)
2. [USN-1495-1] LibreOffice vulnerabilities (Jamie Strandboge)
3. [USN-1496-1] OpenOffice.org vulnerabilities (Jamie Strandboge)
----------------------------------------------------------------------
Message: 1
Date: Mon, 02 Jul 2012 07:02:44 -0700
From: John Johansen <john.johansen@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1494-1] Linux kernel (OMAP4) vulnerability
Message-ID: <4FF1AA04.4010700@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1494-1
July 02, 2012
linux-ti-omap4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
The system could be made to crash if it received specially crafted network
traffic.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
A flaw was discovered in the Linux kernel's NFSv4 (Network file system)
handling of ACLs (access control lists). A remote NFS server (attacker)
could cause a denial of service (OOPS).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-1415-omap4 3.2.0-1415.20
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1494-1
CVE-2012-2375
Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1415.20
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120702/7b308120/attachment-0001.pgp>
------------------------------
Message: 2
Date: Mon, 02 Jul 2012 20:57:20 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1495-1] LibreOffice vulnerabilities
Message-ID: <1341280640.639.4.camel@localhost>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1495-1
July 02, 2012
libreoffice, libreoffice-l10n vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
LibreOffice could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
Software Description:
- libreoffice: Office productivity suite
- libreoffice-l10n: Office productivity suite help
Details:
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause LibreOffice to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause LibreOffice to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libreoffice-core 1:3.4.4-0ubuntu1.2
libreoffice-l10n-common 1:3.4.4-0ubuntu1.2
Ubuntu 11.04:
libreoffice-core 1:3.3.4-0ubuntu1.2
libreoffice-l10n-common 1:3.3.3-1ubuntu1.2
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1495-1
CVE-2012-1149, CVE-2012-2334
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:3.4.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.4.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice/1:3.3.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.3.3-1ubuntu1.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120702/69b6697b/attachment-0001.pgp>
------------------------------
Message: 3
Date: Mon, 02 Jul 2012 20:58:27 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1496-1] OpenOffice.org vulnerabilities
Message-ID: <1341280707.639.5.camel@localhost>
Content-Type: text/plain; charset="utf-8"
==========================================================================
Ubuntu Security Notice USN-1496-1
July 02, 2012
openoffice.org vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
OpenOffice.org could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
Software Description:
- openoffice.org: Office productivity suite
Details:
A stack-based buffer overflow was discovered in the Lotus Word Pro import
filter in OpenOffice.org. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
(CVE-2011-2685)
Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash
if it opened a specially crafted Word document. (CVE-2011-2713)
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause OpenOffice.org to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause OpenOffice.org to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
openoffice.org-core 1:3.2.0-7ubuntu4.3
After a standard system update you need to restart OpenOffice.org to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1496-1
CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334
Package Information:
https://launchpad.net/ubuntu/+source/openoffice.org/1:3.2.0-7ubuntu4.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120702/7d7d681b/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 94, Issue 1
*******************************************************
No comments:
Post a Comment