USN-931-2: FFmpeg regression

Description: 
===========================================================
Ubuntu Security Notice USN-931-2 April 26, 2010
ffmpeg, ffmpeg-debian regression

https://launchpad.net/bugs/567913

===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libavcodec1d 3:0.cvs20070307-5ubuntu7.5
libavformat1d 3:0.cvs20070307-5ubuntu7.5

Ubuntu 8.10:
libavcodec51 3:0.svn20080206-12ubuntu3.3
libavformat52 3:0.svn20080206-12ubuntu3.3

Ubuntu 9.04:
libavcodec52 3:0.svn20090303-1ubuntu6.2
libavformat52 3:0.svn20090303-1ubuntu6.2

Ubuntu 9.10:
libavcodec52 4:0.5+svn20090706-2ubuntu2.2
libavformat52 4:0.5+svn20090706-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-931-1 fixed vulnerabilities in FFmpeg. The update introduced a
regression when trying to play certain multimedia files. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that FFmpeg contained multiple security issues when
handling certain multimedia files. If a user were tricked into opening a
crafted multimedia file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.


Ubuntu 10.04 LTS supports ISVs

Canonical announces strong ISV and open source ecosystem support for
Ubuntu 10.04 LTS

London, April 27, 2010:

Canonical today revealed strong software vendor support for the upcoming
Ubuntu 10.04 LTS (Long-term Support) release for both server and desktop.
Ubuntu 10.04 LTS, to be released on 29 April 2010, will ship with hundreds
of open source applications available at install with many more open
source and proprietary applications becoming available in the days and
weeks following.


Ubuntu 10.04 LTS Server Edition

Canonical’s Ubuntu 10.04 LTS Server Edition features the ideal deployment
platform for Linux server workloads and cloud computing

Long-term support (LTS) version of popular server operating system
generally available on 29 April


Ubuntu 10.04 LTS

Canonical’s Ubuntu 10.04 LTS Desktop Edition features three years of
support, an online music store, a new look and social network integration

Long-term support (LTS) version of popular desktop operating system
generally available on 29 April


USN-933-1: PostgreSQL vulnerability

Referenced CVEs: 
CVE-2010-0442

Description: 
===========================================================
Ubuntu Security Notice USN-933-1 April 28, 2010
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
CVE-2010-0442
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
postgresql-8.1 8.1.20-0ubuntu0.6.06.1

Ubuntu 8.04 LTS:
postgresql-8.3 8.3.10-0ubuntu8.04.1

Ubuntu 9.04:
postgresql-8.3 8.3.10-0ubuntu9.04.1

Ubuntu 9.10:
postgresql-8.4 8.4.3-0ubuntu9.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that PostgreSQL did not properly sanitize its input when
using substring() with a SELECT statement. A remote authenticated attacker
could exploit this to cause a denial of service via application crash.


USN-934-1: Netpbm vulnerability

Referenced CVEs: 
CVE-2009-4274

Description: 
===========================================================
Ubuntu Security Notice USN-934-1 April 29, 2010
netpbm-free vulnerability
CVE-2009-4274
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
netpbm 2:10.0-11.1ubuntu0.1

Ubuntu 9.04:
netpbm 2:10.0-12ubuntu0.9.04.1

Ubuntu 9.10:
netpbm 2:10.0-12ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Marc Schoenefeld discovered a buffer overflow in Netpbm when loading
certain images. If a user or automated system were tricked into opening a
specially crafted XPM image, a remote attacker could crash Netpbm. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service.


USN-936-1: dvipng vulnerability

Referenced CVEs: 
CVE-2010-0829

Description: 
===========================================================
Ubuntu Security Notice USN-936-1 May 06, 2010
dvipng vulnerability
CVE-2010-0829
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
dvipng 1.11-1ubuntu0.9.04.1

Ubuntu 9.10:
dvipng 1.11-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
dvipng 1.12-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that dvipng incorrectly handled certain malformed
dvi files. If a user or automated system were tricked into processing a
specially crafted dvi file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.


USN-937-1: TeX Live vulnerabilities

Referenced CVEs: 
CVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440

Description: 
===========================================================
Ubuntu Security Notice USN-937-1 May 06, 2010
texlive-bin vulnerabilities
CVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
texlive-base-bin 2007.dfsg.1-2ubuntu0.1

Ubuntu 9.04:
texlive-base-bin 2007.dfsg.2-4ubuntu2.1

Ubuntu 9.10:
texlive-base-bin 2007.dfsg.2-7ubuntu1.1

Ubuntu 10.04 LTS:
texlive-binaries 2009-5ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that TeX Live incorrectly handled certain long .bib
bibliography files. If a user or automated system were tricked into
processing a specially crafted bib file, an attacker could cause a denial
of service via application crash. This issue only affected Ubuntu 8.04 LTS,
9.04 and 9.10. (CVE-2009-1284)

Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live
incorrectly handled certain malformed dvi files. If a user or automated
system were tricked into processing a specially crafted dvi file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2010-0739, CVE-2010-1440)

Dan Rosenberg discovered that TeX Live incorrectly handled certain
malformed dvi files. If a user or automated system were tricked into
processing a specially crafted dvi file, an attacker could cause a denial
of service via application crash, or possibly execute arbitrary code with
the privileges of the user invoking the program. (CVE-2010-0827)


Copyright © Scott LaPlant