English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 126339 CVE Beschreibungen
und 74190 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

==========================================================================
Ubuntu Security Notice USN-1555-1
September 05, 2012

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Chen Haogang discovered an integer overflow that could result in memory
corruption. A local unprivileged user could use this to crash the system.
(CVE-2012-0044)

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2372)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-42-386       2.6.32-42.96
  linux-image-2.6.32-42-generic   2.6.32-42.96
  linux-image-2.6.32-42-generic-pae  2.6.32-42.96
  linux-image-2.6.32-42-ia64      2.6.32-42.96
  linux-image-2.6.32-42-lpia      2.6.32-42.96
  linux-image-2.6.32-42-powerpc   2.6.32-42.96
  linux-image-2.6.32-42-powerpc-smp  2.6.32-42.96
  linux-image-2.6.32-42-powerpc64-smp  2.6.32-42.96
  linux-image-2.6.32-42-preempt   2.6.32-42.96
  linux-image-2.6.32-42-server    2.6.32-42.96
  linux-image-2.6.32-42-sparc64   2.6.32-42.96
  linux-image-2.6.32-42-sparc64-smp  2.6.32-42.96
  linux-image-2.6.32-42-versatile  2.6.32-42.96
  linux-image-2.6.32-42-virtual   2.6.32-42.96

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1555-1
  CVE-2012-0044, CVE-2012-2372

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.32-42.96


--------------080609090007060407030809
Content-Type: text/plain; charset=UTF-8;
 name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Attached Message Part"


--------------080609090007060407030809--

--------------enig2CE84E09A01B6437D7F9B479
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQR0f9AAoJEAUvNnAY1cPYGaEP/24iFNevQhhmU1igqoEyENFY
IF6SjwYngFgpIw8JhTHkfot1sTGatq/U598YQrVDIetZzT+1ggQPiB2b2tjkHCoD
ZZ9NEY0M1DJnTJ11wys6cErleWaFHIvKB094HK16U8tIYD/S3mPw/m+L95yqtIAH
vnjJkIaa+IjhaLRFDlzmZo5xXwI79fKPx4lGgXGNDx/YG0Do4Jah8TTUXFbeE3oQ
+QapCIkNR9+orxhOqjRz4DzS2bw/W78t/mplRoBxnMDtfuDQ6iwyzlcViqfrnw6q
LsZQNvSCqIq2Ls1lAGuGwoyiBCXqOnRgZtITfmY+w4zAqoGOw3VFpaNsxvXsmQha
Y8FnsUaRt8Twm4lVKmNq1GQsD74b+VJKXV8z2VlXiuJUJO6+sGJSAEpB+7oESqMn
SBwjULtiEvRF32+LaHHF3nwpcTTjdPWX+ZMs9ZhZ9d+RCaIk2Xd8M/dVNphVmzGZ
WsclIcm2wOeJqa+BvBpJSKxjU8KS8g/i/TGWfexEyiY9oH/lZ5lXo2oleJ5LV1S6
ec40lNtSUTUT28PkccrMitOTaW9i19fX3XudKR68nfcaQ6vn4jaSH3G9YjBttkdV
PAEv/r6HXNS7M9mhFXeSIKpLTRuJPNzfMeifOWVGbaeqSTiQF1MHnfhbGkJotGYs
3vs+mJHsa5rVEMa/Ads+
=mSu6
-----END PGP SIGNATURE-----

--------------enig2CE84E09A01B6437D7F9B479--


--==============82923238139359529=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============82923238139359529==--

From - Thu Sep  6 20:03:01 2012
X-Account-Key: account7
X-UIDL: 4d7faa1e0001ecc2
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:                                                                                 
Return-Path: <ubuntu-security-announce-bounces@lists.ubuntu.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204])
by mx.securityspace.com (Postfix) with ESMTP id 2DDDCEF657
for <lists@securityspace.com>; Thu,  6 Sep 2012 19:54:54 -0400 (EDT)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <ubuntu-security-announce-bounces@lists.ubuntu.com>)
id 1T9lro-00089M-1i; Thu, 06 Sep 2012 23:52:12 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <john.johansen@canonical.com>) id 1T9lnf-0007i7-BX
for ubuntu-security-announce@lists.ubuntu.com;
Thu, 06 Sep 2012 23:47:55 +0000
Received: from static-50-53-53-239.bvtn.or.frontiernet.net ([50.53.53.239]
helo=[192.168.192.110]) by youngberry.canonical.com with esmtpsa
(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71)
(envelope-from <john.johansen@canonical.com>) id 1T9lou-0001Gy-Bn
for ubuntu-security-announce@lists.ubuntu.com;
Thu, 06 Sep 2012 23:49:12 +0000
Message-ID: <50493674.5060903@canonical.com>
Date: Thu, 06 Sep 2012 16:49:08 -0700
From: John Johansen <john.johansen@canonical.com>
Organization: Canonical
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
Followup-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1556-1] Linux kernel (EC2) vulnerabilities
X-Enigmail-Version: 1.4.4
X-Mailman-Approved-At: Thu, 06 Sep 2012 23:52:07 +0000
X-BeenThere: ubuntu-security-announce@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: ubuntu-users@lists.ubuntu.com, security@ubuntu.com
List-Id: Ubuntu Security Announcements
<ubuntu-security-announce.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/ubuntu-security-announce>
List-Post: <mailto:ubuntu-security-announce@lists.ubuntu.com>
List-Help: <mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=subscribe>
Content-Type: multipart/mixed; boundary="==============H90213868267741215=="
Sender: ubuntu-security-announce-bounces@lists.ubuntu.com
Errors-To: ubuntu-security-announce-bounces@lists.ubuntu.com
Status:   

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--==============H90213868267741215=Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="------------enigDB2C70FD44936BD43DDCA621"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigDB2C70FD44936BD43DDCA621
Content-Type: multipart/mixed;
 boundary="------------030402040907060008010409"

This is a multi-part message in MIME format.
--------------030402040907060008010409
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1556-1
September 06, 2012

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

Chen Haogang discovered an integer overflow that could result in memory
corruption. A local unprivileged user could use this to crash the system.
(CVE-2012-0044)

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2372)

Some errors where discovered in the Linux kernel's UDF file system, which
is used to mount some CD-ROMs and DVDs. An unprivileged local user could
use these flaws to crash the system. (CVE-2012-3400)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-347-ec2      2.6.32-347.53

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1556-1
  CVE-2012-0044, CVE-2012-2372, CVE-2012-3400

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-347.53


--------------030402040907060008010409
Content-Type: text/plain; charset=UTF-8;
 name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Attached Message Part"


--------------030402040907060008010409--

--------------enigDB2C70FD44936BD43DDCA621
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQSTZ0AAoJEAUvNnAY1cPY/XsP/iTMmcv8yQtL3Ld0dnCeoYIF
3QPZHSm0XJ8z/Fi0eYlywpkRWpDsHw2Z3nQeJVcZ57KkLyyA1sxJZQcm4Je9cczD
F83ojZXrcwscNhWJ7mpQklXkAaBSU1TQtbx9YJNFYKxecE6ueP/6s+smqS0BwfbF
qFEO8a1B9daGMPxYS1Y/hcc9+W8EiuILK28IbZ+CntnD9+Um+KXFPOOKzIVWO4dY
J5tPtLIIKFVoT4AO04brjhkjm//vi3E5BcIH9Sq0kRupJQ5M4qiHDqPMiB4/z2Se
PclXXIzIr/yNaEkN1VTT3oFSp8ldnfOEd1KVbZquXntj/KDZVtaKEfBvtW6r/krr
OrIbn6ddjPFfrnV9v581moeRqMPuxsUolW5jrhZr8pumSKaUYeRtw5A4ZmyWQ/nA
rCvqmUifuIS9hFKDOG/bxjBMs0B+CAG9zxDdx4KQLifJaFR8Q5EF71DhCZZQLn2d
RMnzbvggbE2ippKI+Um+sX9SKfVAElKgVaKDVzZVCxyGRYOYEURQkuOZX6oND+sm
A0x5KUGHYDw6uMlJHXQTVTEZXgZ3/Jp0UniQhiqthFFw2g+I8Bg/jUMHQXGGKV/k
NTPkpPNZEqWC+nLe9VNbiJ5runyMxKLg6Ay2PnIWnLaJHCmxvOVRBlpVMAYn3cYz
RlV+G0jiEJ/I4BSPqhD9
=vOZ6
-----END PGP SIGNATURE-----

--------------enigDB2C70FD44936BD43DDCA621--


--==============H90213868267741215=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============H90213868267741215==--

From - Thu Sep  6 20:22:46 2012
X-Account-Key: account7
X-UIDL: 4d7faa1e0001ecc3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:                                                                                 
Return-Path: <ubuntu-security-announce-bounces@lists.ubuntu.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204])
by mx.securityspace.com (Postfix) with ESMTP id CACD8EE86C
for <lists@securityspace.com>; Thu,  6 Sep 2012 20:16:47 -0400 (EDT)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <ubuntu-security-announce-bounces@lists.ubuntu.com>)
id 1T9mDX-0002zy-Dw; Fri, 07 Sep 2012 00:14:39 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <john.johansen@canonical.com>) id 1T9mD5-0002rO-Cy
for ubuntu-security-announce@lists.ubuntu.com;
Fri, 07 Sep 2012 00:14:11 +0000
Received: from static-50-53-53-239.bvtn.or.frontiernet.net ([50.53.53.239]
helo=[192.168.192.110]) by youngberry.canonical.com with esmtpsa
(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71)
(envelope-from <john.johansen@canonical.com>) id 1T9mEK-0001tB-Hl
for ubuntu-security-announce@lists.ubuntu.com;
Fri, 07 Sep 2012 00:15:28 +0000
Message-ID: <50493C9C.7050202@canonical.com>
Date: Thu, 06 Sep 2012 17:15:24 -0700
From: John Johansen <john.johansen@canonical.com>
Organization: Canonical
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
Followup-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1557-1] Linux kernel vulnerability
X-Enigmail-Version: 1.4.4
X-Mailman-Approved-At: Fri, 07 Sep 2012 00:14:34 +0000
X-BeenThere: ubuntu-security-announce@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: ubuntu-users@lists.ubuntu.com, security@ubuntu.com
List-Id: Ubuntu Security Announcements
<ubuntu-security-announce.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/ubuntu-security-announce>
List-Post: <mailto:ubuntu-security-announce@lists.ubuntu.com>
List-Help: <mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=subscribe>
Content-Type: multipart/mixed; boundary="==============P71945944747365771=="
Sender: ubuntu-security-announce-bounces@lists.ubuntu.com
Errors-To: ubuntu-security-announce-bounces@lists.ubuntu.com
Status:   

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--==============P71945944747365771=Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="------------enig3A2F17C246BCDDFA34232159"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig3A2F17C246BCDDFA34232159
Content-Type: multipart/mixed;
 boundary="------------060208030508010800070609"

This is a multi-part message in MIME format.
--------------060208030508010800070609
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1557-1
September 07, 2012

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux: Linux kernel

Details:

Some errors where discovered in the Linux kernel's UDF file system, which
is used to mount some CD-ROMs and DVDs. An unprivileged local user could
use these flaws to crash the system.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  linux-image-2.6.38-15-generic   2.6.38-15.66
  linux-image-2.6.38-15-generic-pae  2.6.38-15.66
  linux-image-2.6.38-15-omap      2.6.38-15.66
  linux-image-2.6.38-15-powerpc   2.6.38-15.66
  linux-image-2.6.38-15-powerpc-smp  2.6.38-15.66
  linux-image-2.6.38-15-powerpc64-smp  2.6.38-15.66
  linux-image-2.6.38-15-server    2.6.38-15.66
  linux-image-2.6.38-15-versatile  2.6.38-15.66
  linux-image-2.6.38-15-virtual   2.6.38-15.66

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1557-1
  CVE-2012-3400

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.38-15.66


--------------060208030508010800070609
Content-Type: text/plain; charset=UTF-8;
 name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Attached Message Part"


--------------060208030508010800070609--

--------------enig3A2F17C246BCDDFA34232159
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQSTycAAoJEAUvNnAY1cPYU1cP/3TVweaT1qr56YnAY8Qz//7z
rHC/wngY0mW9Qw5MmBNKYUkWdkbJ7YWDDxcr+iki/HHyMZGRxT0u27OVB1RSHz9S
IeE98cM1oVjl0Rozkjp0Y2XyDRZTh388ALzKIsDO1B3JyZISn0UkxCh9YipQnOB6
/ENoPaK0Q7wwdddyqEq7lRo5Ah4qlZ+Rdocyw8f69Gz+nIObs6/UXCO7REcBGbyN
jJVAPItNixh+i0RYDSIh7f6NmndRlo2S+hDt7qqAaEGerad7nUp9E+/ECPRoxfkg
wYsQvspeYnIfKW5RBYuFKQ7ZOj8D+fVzPdmunY5XBWRYcNsIlF3sVXxUdr5FCqE/
Zux1bPAa6quGAJceYqC0qp+unNYrXna8F/Pz6xRTc/3t8lHBnGeh71eBrM0hR25M
aEmoJHCoxKSauGYJ9L2GFIA+B+4IDJDWSW7gKt1yovc+z25R9UJNW1H+l2uDL37M
FTwt7XwXHW5NVy3xMxsd/AVB6hi38JU8GkYvd76I40EPbzGujQAsJbpG3d1fdDlj
JaLqdoX8V25EioJ0Vb5I0+zFqY2TQIeUSSS82DY3JX5QK2wGfFu6sVZM4BGuANIO
jQgToqmHefyHTMilplWtc+iw0fzzdrgp60X3/NPXUvOL5sYAtTO8Tku5VcR1vYLW
7AnJtRNABkqlARjtvINT
=oPAh
-----END PGP SIGNATURE-----

--------------enig3A2F17C246BCDDFA34232159--


--==============P71945944747365771=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============P71945944747365771==--

From - Thu Sep  6 20:33:04 2012
X-Account-Key: account7
X-UIDL: 4d7faa1e0001ecc4
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:                                                                                 
Return-Path: <ubuntu-security-announce-bounces@lists.ubuntu.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204])
by mx.securityspace.com (Postfix) with ESMTP id 13282EEBB7
for <lists@securityspace.com>; Thu,  6 Sep 2012 20:25:50 -0400 (EDT)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <ubuntu-security-announce-bounces@lists.ubuntu.com>)
id 1T9mMS-000525-3i; Fri, 07 Sep 2012 00:23:52 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <john.johansen@canonical.com>) id 1T9mLt-0004v9-Fr
for ubuntu-security-announce@lists.ubuntu.com;
Fri, 07 Sep 2012 00:23:17 +0000
Received: from static-50-53-53-239.bvtn.or.frontiernet.net ([50.53.53.239]
helo=[192.168.192.110]) by youngberry.canonical.com with esmtpsa
(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71)
(envelope-from <john.johansen@canonical.com>) id 1T9mN8-00025q-J8
for ubuntu-security-announce@lists.ubuntu.com;
Fri, 07 Sep 2012 00:24:34 +0000
Message-ID: <50493EBE.7090609@canonical.com>
Date: Thu, 06 Sep 2012 17:24:30 -0700
From: John Johansen <john.johansen@canonical.com>
Organization: Canonical
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:15.0) Gecko/20120827 Thunderbird/15.0
MIME-Version: 1.0
Followup-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1558-1] Linux kernel (OMAP4) vulnerability
X-Enigmail-Version: 1.4.4
X-Mailman-Approved-At: Fri, 07 Sep 2012 00:23:47 +0000
X-BeenThere: ubuntu-security-announce@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: ubuntu-users@lists.ubuntu.com, security@ubuntu.com
List-Id: Ubuntu Security Announcements
<ubuntu-security-announce.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/ubuntu-security-announce>
List-Post: <mailto:ubuntu-security-announce@lists.ubuntu.com>
List-Help: <mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=subscribe>
Content-Type: multipart/mixed; boundary="==============x79010780377711033=="
Sender: ubuntu-security-announce-bounces@lists.ubuntu.com
Errors-To: ubuntu-security-announce-bounces@lists.ubuntu.com
Status:   

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--==============x79010780377711033=Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="------------enig8832D1E1F1FC0AE5A8187F88"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig8832D1E1F1FC0AE5A8187F88
Content-Type: multipart/mixed;
 boundary="------------070803080606060000080502"

This is a multi-part message in MIME format.
--------------070803080606060000080502
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1558-1
September 07, 2012

linux-ti-omap4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw to
cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  linux-image-3.0.0-1215-omap4    3.0.0-1215.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
  http://www.ubuntu.com/usn/usn-1558-1
  CVE-2012-2372

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.0.0-1215.27


--------------070803080606060000080502
Content-Type: text/plain; charset=UTF-8;
 name="Attached Message Part"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="Attached Message Part"


--------------070803080606060000080502--

--------------enig8832D1E1F1FC0AE5A8187F88
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQST6+AAoJEAUvNnAY1cPY9sQP/2l38/LbCViOfGCKISc4FzP2
Uc6cSvIwmrnhbFUVFKlovO2ieXJIkTH78gB2KNCE430S+234QGxhY2ahEByWqlya
UBU5hR+EDCL4IVs7fH6A7TiEWzBDOseNqqVq6uKAvrZRClsEpIZ/o0iqTMg7/Lcx
PkU7KK69LNaqtnBi3CXeKBbwCkdZBc49C7fFEMir1uADUD0orjfTeSS+M+UY7gGc
Zrp0YFqcCXT1NLv6gS26geyIaaVU+jeQ9IFrOzVCdQylCDLzcKebXk1FHeVTO8gl
FAYH5DukOAw6uncmJWBkpkLF1vWXISbo6nUdckOK7XUBNuffe+RdYlX+I0+bpHjC
fiA/mvYoxeygaYKXTb4Sq0dNf4BXhIPBrXTZaU3cvTnwbkMEe9o1q3WsBamPERuf
1qRwt8Kr8N059pZBJpf7rQ/n4m2n0lHLsuWtmnKGfO0DVvfh3FYkPwG9xKvFCIqu
ZP4nXeZDsrI2co1x+L7kKFf8p9K49Bh2Z+PQoM4Ol1O3Jvf+OVPB8ABfwzD6mGgD
gnNnD8wkRoVQPZ5op3ucLPPoTJ47YlX/+zUloPw4cX/1vVNDiPZm7CrBqXIFdFz4
IC9lJ/+yOtbvGQv355TbWUETCqhZZqUUnK/nu0/Masll4uXrsEyK36Vy1wAJ2Bjo
1Rtu08axC0aQdHqky1u2
=qHWG
-----END PGP SIGNATURE-----

--------------enig8832D1E1F1FC0AE5A8187F88--


--==============x79010780377711033=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============x79010780377711033==--

From - Mon Sep 10 09:14:40 2012
X-Account-Key: account7
X-UIDL: 4d7faa1e0001ed63
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:                                                                                 
Return-Path: <ubuntu-security-announce-bounces@lists.ubuntu.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204])
by mx.securityspace.com (Postfix) with ESMTP id 6070EEC0E3
for <lists@securityspace.com>; Mon, 10 Sep 2012 09:14:31 -0400 (EDT)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <ubuntu-security-announce-bounces@lists.ubuntu.com>)
id 1TB3mL-0006Lf-QU; Mon, 10 Sep 2012 13:11:53 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
by chlorine.canonical.com with esmtp (Exim 4.71)
(envelope-from <marc.deslauriers@canonical.com>) id 1TB3lv-0006Hi-Gn
for ubuntu-security-announce@lists.ubuntu.com;
Mon, 10 Sep 2012 13:11:27 +0000
Received: from modemcable236.11-81-70.mc.videotron.ca ([70.81.11.236]
helo=[192.168.66.150]) by youngberry.canonical.com with esmtpsa
(TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71)
(envelope-from <marc.deslauriers@canonical.com>) id 1TB3nO-0007pa-Q3
for ubuntu-security-announce@lists.ubuntu.com;
Mon, 10 Sep 2012 13:12:59 +0000
Message-ID: <1347282768.3414.174.camel@mdlinux>
Subject: [USN-1560-1] Django vulnerabilities
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Date: Mon, 10 Sep 2012 09:12:48 -0400
X-Mailer: Evolution 3.2.3-0ubuntu6 
Mime-Version: 1.0
X-Mailman-Approved-At: Mon, 10 Sep 2012 13:11:45 +0000
X-BeenThere: ubuntu-security-announce@lists.ubuntu.com
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: ubuntu-users@lists.ubuntu.com, Ubuntu Security <security@ubuntu.com>
List-Id: Ubuntu Security Announcements
<ubuntu-security-announce.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/ubuntu-security-announce>
List-Post: <mailto:ubuntu-security-announce@lists.ubuntu.com>
List-Help: <mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce>,
<mailto:ubuntu-security-announce-request@lists.ubuntu.com?subject=subscribe>
Content-Type: multipart/mixed; boundary="==============r80206572010818154=="
Sender: ubuntu-security-announce-bounces@lists.ubuntu.com
Errors-To: ubuntu-security-announce-bounces@lists.ubuntu.com
Status:   


--==============r80206572010818154=Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-T2MPndvTH2nlETLokcjF"


--=-T2MPndvTH2nlETLokcjF
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1560-1
September 10, 2012

python-django vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Applications using Django could be made to crash or expose sensitive
information.

Software Description:
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly validated the scheme of a
redirect target. If a user were tricked into opening a specially crafted
URL, an attacker could possibly exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2012-3442)

It was discovered that Django incorrectly handled validating certain
images. A remote attacker could use this flaw to cause the server to
consume memory, leading to a denial of service. (CVE-2012-3443)

Jeroen Dekkers discovered that Django incorrectly handled certain image
dimensions. A remote attacker could use this flaw to cause the server to
consume resources, leading to a denial of service. (CVE-2012-3444)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  python-django                   1.3.1-4ubuntu1.2

Ubuntu 11.10:
  python-django                   1.3-2ubuntu1.3

Ubuntu 11.04:
  python-django                   1.2.5-1ubuntu1.2

Ubuntu 10.04 LTS:
  python-django                   1.1.1-2ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1560-1
  CVE-2012-3442, CVE-2012-3443, CVE-2012-3444

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/1.3.1-4ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-django/1.3-2ubuntu1.3
  https://launchpad.net/ubuntu/+source/python-django/1.2.5-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-django/1.1.1-2ubuntu1.5


Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde

© 1998-2019 E-Soft Inc. Alle Rechte vorbehalten.