Next Page >>
discovered
USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This
update provides the corresponding updates for Ubuntu 10.04.
Original advisory details:
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,
CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068
CVE-2008-4069 CVE-2008-4070 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-0017
CVE-2008-5021 CVE-2008-5022 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508
CVE-2008-5511 CVE-2008-5512
Several remote vulnerabilities have been discovered in Iceape an
unbranded version of the Seamonkey internet suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0016
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
Joel Becker discovered that OCFS2 did not correctly validate on-disk
symlink structures. If an attacker were able to trick a user or automated
system into mounting a specially crafted filesystem, it could crash the
system or exposde kernel memory, leading to a loss of privacy.
Ben Hutchings discovered that the ethtool interface did not correctly
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067
CVE-2008-4068 CVE-2008-4070 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018
CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506
CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512
Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-0016
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4 devices
Details:
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2008-0016
CVE-2010-3877 CVE-2010-3880 CVE-2010-4072 CVE-2010-4073
CVE-2010-4074 CVE-2010-4078 CVE-2010-4079 CVE-2010-4080
CVE-2010-4081 CVE-2010-4083 CVE-2010-4164
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2963
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dan Jacobson discovered that ThinkPad video output was not correctly access
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dave Chinner discovered that the XFS filesystem did not correctly order
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Linux kernel did not correctly handle memory
protection of the Virtual Dynamic Shared Object page when running
a 32-bit application on a 64-bit kernel. A local attacker could
exploit this to cause a denial of service. (Only affected Ubuntu 6.06
LTS.) (CVE-2009-4271)
USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides the corresponding updates for Ubuntu 9.04 and 9.10, along with
additional updates affecting Firefox 3.6.6.
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
9.10. This update provides updated packages for use with Firefox 3.6 and
Xulrunner 1.9.2.
Original advisory details:
If was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2010-1121)
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
allows local users to overwrite arbitrary files via a symlink attack on
We apologize for the inconvenience.
Original advisory details:
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
allows local users to overwrite arbitrary files via a symlink attack on
After a standard system upgrade you need to access the Moodle instance
and accept the database update to clear any invalid cached data.
Details follow:
Thor Larholm discovered that PHPMailer, as used by Moodle, did not
correctly escape email addresses. A local attacker with direct access
to the Moodle database could exploit this to execute arbitrary commands
as the web server user. (CVE-2007-3215)
Nigel McNie discovered that fetching https URLs did not correctly escape
After a standard system upgrade you need to restart applications linked against
xine-lib, such as Totem-xine and Amarok, to effect the necessary changes.
Details follow:
It was discovered that xine-lib did not correctly handle certain malformed
Ogg and Windows Media files. If a user or automated system were tricked into
opening a specially crafted Ogg or Windows Media file, an attacker could cause
xine-lib to crash, creating a denial of service. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that MySQL incorrectly handled certain requests with the
UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)
It was discovered that MySQL incorrectly handled joins involving a table
CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322
CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834
CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242
CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-4307
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069
Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0016
Vulnerability : several
Problem type : local/remote
Debian-specific: no
CVE ID : CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2008-2785
CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
CVE-2011-3188 CVE-2011-3191
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2011-1020
/proc/<pid>/maps files.
The text of the original advisory is reproduced for reference:
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2011-1020
CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910
CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238
CVE-2009-3286 CVE-2009-3547 CVE-2009-3612 CVE-2009-3613
CVE-2009-3620 CVE-2009-3621
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2846
CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031
CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676
CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265
CVE-2009-1336 CVE-2009-1337 CVE-2009-1439
Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service, privilege escalation, or information
leak. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2008-4307
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811
Several remote vulnerabilities have been discovered in the Iceweasel
webbrowser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-2798
CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
CVE-2007-1592 CVE-2007-2172 CVE-2007-2525 CVE-2007-3848
CVE-2007-4308 CVE-2007-4311 CVE-2007-5093 CVE-2007-6063
CVE-2007-6151 CVE-2007-6206 CVE-2007-6694 CVE-2008-0007
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code.
The package versions referenced in the initial DSA-1503 advisory
introduced a regression that can cause hangs on systems that make use of
CVE-2008-0592 CVE-2008-0593 CVE-2008-0594
A regression has been fixed in iceape's frame handling code. For
reference you can find the original update below:
Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0412
CVE-2008-0592 CVE-2008-0593 CVE-2008-0594
A regression has been fixed in iceape's frame handling code. For
reference you can find the original update below:
Several remote vulnerabilities have been discovered in the Iceape internet
suite, an unbranded version of the Seamonkey Internet Suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0412
Next Page>>
|
