About Ubuntu

=========================================================== Ubuntu Security Notice USN-623-1 July 17, 2008 firefox vulnerabilities CVE-2008-2785, CVE-2008-2933 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614d-0ubuntu1 Ubuntu 7.04: firefox 2.0.0.16+0nobinonly-0ubuntu0.7.4 Ubuntu 7.10: firefox 2.0.0.16+1nobinonly-0ubuntu0.7.10 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933)

=========================================================== Ubuntu Security Notice USN-625-1 July 15, 2008 linux, linux-source-2.6.15/20/22 vulnerabilities CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-52-386 2.6.15-52.69 linux-image-2.6.15-52-686 2.6.15-52.69 linux-image-2.6.15-52-amd64-generic 2.6.15-52.69 linux-image-2.6.15-52-amd64-k8 2.6.15-52.69 linux-image-2.6.15-52-amd64-server 2.6.15-52.69 linux-image-2.6.15-52-amd64-xeon 2.6.15-52.69 linux-image-2.6.15-52-hppa32 2.6.15-52.69 linux-image-2.6.15-52-hppa32-smp 2.6.15-52.69 linux-image-2.6.15-52-hppa64 2.6.15-52.69 linux-image-2.6.15-52-hppa64-smp 2.6.15-52.69 linux-image-2.6.15-52-itanium 2.6.15-52.69 linux-image-2.6.15-52-itanium-smp 2.6.15-52.69 linux-image-2.6.15-52-k7 2.6.15-52.69 linux-image-2.6.15-52-mckinley 2.6.15-52.69 linux-image-2.6.15-52-mckinley-smp 2.6.15-52.69 linux-image-2.6.15-52-powerpc 2.6.15-52.69 linux-image-2.6.15-52-powerpc-smp 2.6.15-52.69 linux-image-2.6.15-52-powerpc64-smp 2.6.15-52.69 linux-image-2.6.15-52-server 2.6.15-52.69 linux-image-2.6.15-52-server-bigiron 2.6.15-52.69 linux-image-2.6.15-52-sparc64 2.6.15-52.69 linux-image-2.6.15-52-sparc64-smp 2.6.15-52.69 Ubuntu 7.04: linux-image-2.6.20-17-386 2.6.20-17.37 linux-image-2.6.20-17-generic 2.6.20-17.37 linux-image-2.6.20-17-hppa32 2.6.20-17.37 linux-image-2.6.20-17-hppa64 2.6.20-17.37 linux-image-2.6.20-17-itanium 2.6.20-17.37 linux-image-2.6.20-17-lowlatency 2.6.20-17.37 linux-image-2.6.20-17-mckinley 2.6.20-17.37 linux-image-2.6.20-17-powerpc 2.6.20-17.37 linux-image-2.6.20-17-powerpc-smp 2.6.20-17.37 linux-image-2.6.20-17-powerpc64-smp 2.6.20-17.37 linux-image-2.6.20-17-server 2.6.20-17.37 linux-image-2.6.20-17-server-bigiron 2.6.20-17.37 linux-image-2.6.20-17-sparc64 2.6.20-17.37 linux-image-2.6.20-17-sparc64-smp 2.6.20-17.37 Ubuntu 7.10: linux-image-2.6.22-15-386 2.6.22-15.56 linux-image-2.6.22-15-cell 2.6.22-15.56 linux-image-2.6.22-15-generic 2.6.22-15.56 linux-image-2.6.22-15-hppa32 2.6.22-15.56 linux-image-2.6.22-15-hppa64 2.6.22-15.56 linux-image-2.6.22-15-itanium 2.6.22-15.56 linux-image-2.6.22-15-lpia 2.6.22-15.56 linux-image-2.6.22-15-lpiacompat 2.6.22-15.56 linux-image-2.6.22-15-mckinley 2.6.22-15.56 linux-image-2.6.22-15-powerpc 2.6.22-15.56 linux-image-2.6.22-15-powerpc-smp 2.6.22-15.56 linux-image-2.6.22-15-powerpc64-smp 2.6.22-15.56 linux-image-2.6.22-15-rt 2.6.22-15.56 linux-image-2.6.22-15-server 2.6.22-15.56 linux-image-2.6.22-15-sparc64 2.6.22-15.56 linux-image-2.6.22-15-sparc64-smp 2.6.22-15.56 linux-image-2.6.22-15-ume 2.6.22-15.56 linux-image-2.6.22-15-virtual 2.6.22-15.56 linux-image-2.6.22-15-xen 2.6.22-15.56 Ubuntu 8.04 LTS: linux-image-2.6.24-19-386 2.6.24-19.36 linux-image-2.6.24-19-generic 2.6.24-19.36 linux-image-2.6.24-19-hppa32 2.6.24-19.36 linux-image-2.6.24-19-hppa64 2.6.24-19.36 linux-image-2.6.24-19-itanium 2.6.24-19.36 linux-image-2.6.24-19-lpia 2.6.24-19.36 linux-image-2.6.24-19-lpiacompat 2.6.24-19.36 linux-image-2.6.24-19-mckinley 2.6.24-19.36 linux-image-2.6.24-19-openvz 2.6.24-19.36 linux-image-2.6.24-19-powerpc 2.6.24-19.36 linux-image-2.6.24-19-powerpc-smp 2.6.24-19.36 linux-image-2.6.24-19-powerpc64-smp 2.6.24-19.36 linux-image-2.6.24-19-rt 2.6.24-19.36 linux-image-2.6.24-19-server 2.6.24-19.36 linux-image-2.6.24-19-sparc64 2.6.24-19.36 linux-image-2.6.24-19-sparc64-smp 2.6.24-19.36 linux-image-2.6.24-19-virtual 2.6.24-19.36 linux-image-2.6.24-19-xen 2.6.24-19.36 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282) Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712) Tavis Ormandy discovered that the ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598) Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when running under 64bit kernels. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-1615) Wei Wang discovered that the ASN.1 decoding routines in CIFS and SNMP NAT did not correctly handle certain length values. Remote attackers could exploit this to execute arbitrary code or crash the system. (CVE-2008-1673) Paul Marks discovered that the SIT interfaces did not correctly manage allocated memory. A remote attacker could exploit this to fill all available memory, leading to a denial of service. (CVE-2008-2136) David Miller and Jan Lieskovsky discovered that the Sparc kernel did not correctly range-check memory regions allocated with mmap. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2137) The sys_utimensat system call did not correctly check file permissions in certain situations. A local attacker could exploit this to modify the file times of arbitrary files which could lead to a denial of service. (CVE-2008-2148) Brandon Edwards discovered that the DCCP system in the kernel did not correctly check feature lengths. A remote attacker could exploit this to execute arbitrary code. (CVE-2008-2358) A race condition was discovered between ptrace and utrace in the kernel. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365) The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy. (CVE-2008-2729) The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code. (CVE-2008-2750) Gabriel Campana discovered that SCTP routines did not correctly check for large addresses. A local user could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2826)

=========================================================== Ubuntu Security Notice USN-624-1 July 15, 2008 pcre3 vulnerability CVE-2008-2371 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.3 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.3 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.3 Ubuntu 8.04 LTS: libpcre3 7.4-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.

=========================================================== Ubuntu Security Notice USN-622-1 July 08, 2008 bind9 vulnerability CVE-2008-1447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.5 Ubuntu 7.04: libdns22 1:9.3.4-2ubuntu2.3 Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2 Ubuntu 8.04 LTS: libdns35 1:9.4.2-10ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

=========================================================== Ubuntu Security Notice USN-619-1 July 02, 2008 firefox vulnerabilities CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614c-0ubuntu1 Ubuntu 7.04: firefox 2.0.0.15+0nobinonly-0ubuntu0.7.4 Ubuntu 7.10: firefox 2.0.0.15+1nobinonly-0ubuntu0.7.10 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: Various flaws were discovered in the browser engine. By tricking a user into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799) Several problems were discovered in the JavaScript engine. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-2800) Collin Jackson discovered various flaws in the JavaScript engine which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker may be able to execute arbitrary code with the privileges of a different website or link content within the JAR file to an attacker-controlled JavaScript file. (CVE-2008-2801) It was discovered that Firefox would allow non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to execute arbitrary JavaScript code with chrome privileges. (CVE-2008-2802) A flaw was discovered in Firefox that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user were tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803) Claudio Santambrogio discovered a vulnerability in Firefox which could lead to stealing of arbitrary files. If a user were tricked into opening malicious content, an attacker could force the browser into uploading local files to the remote server. (CVE-2008-2805) Gregory Fleischer discovered a flaw in Java LiveConnect. An attacker could exploit this to bypass the same-origin policy and create arbitrary socket connections to other domains. (CVE-2008-2806) Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, the browser may be able to see data from other programs. (CVE-2008-2807) Masahiro Yamada discovered that Firefox did not properly sanitize file URLs in directory listings, resulting in files from directory listings being opened in unintended ways or not being able to be opened by the browser at all. (CVE-2008-2808) John G. Myers discovered a weakness in the trust model used by Firefox regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809) A flaw was discovered in the way Firefox opened URL files. If a user were tricked into opening a bookmark to a malicious web page, the page could potentially read from local files on the user's computer. (CVE-2008-2810) A vulnerability was discovered in the block reflow code of Firefox. This vulnerability could be used by an attacker to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2811)

=========================================================== Ubuntu Security Notice USN-617-2 June 30, 2008 samba regression CVE-2008-1105, https://bugs.launchpad.net/bugs/241448 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsmbclient 3.0.22-1ubuntu3.8 Ubuntu 7.04: libsmbclient 3.0.24-2ubuntu1.7 Ubuntu 7.10: libsmbclient 3.0.26a-1ubuntu2.5 Ubuntu 8.04 LTS: libsmbclient 3.0.28a-1ubuntu4.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572) Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. (CVE-2008-1105)

=========================================================== Ubuntu Security Notice USN-621-1 June 26, 2008 ruby1.8 vulnerabilities CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libruby1.8 1.8.4-1ubuntu1.5 ruby1.8 1.8.4-1ubuntu1.5 Ubuntu 7.04: libruby1.8 1.8.5-4ubuntu2.2 ruby1.8 1.8.5-4ubuntu2.2 Ubuntu 7.10: libruby1.8 1.8.6.36-1ubuntu3.2 ruby1.8 1.8.6.36-1ubuntu3.2 Ubuntu 8.04 LTS: libruby1.8 1.8.6.111-2ubuntu1.1 ruby1.8 1.8.6.111-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726) Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service via memory corruption. (CVE-2008-2664)

=========================================================== Ubuntu Security Notice USN-620-1 June 26, 2008 openssl vulnerabilities CVE-2008-0891, CVE-2008-1672 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.3 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. (CVE-2008-0891) It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash. (CVE-2008-1672)

=========================================================== Ubuntu Security Notice USN-618-1 June 19, 2008 linux-source-2.6.15/20/22 vulnerabilities CVE-2007-4571, CVE-2007-5904, CVE-2007-6694, CVE-2008-0007, CVE-2008-1294, CVE-2008-1375, CVE-2008-1669 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-52-386 2.6.15-52.67 linux-image-2.6.15-52-686 2.6.15-52.67 linux-image-2.6.15-52-amd64-generic 2.6.15-52.67 linux-image-2.6.15-52-amd64-k8 2.6.15-52.67 linux-image-2.6.15-52-amd64-server 2.6.15-52.67 linux-image-2.6.15-52-amd64-xeon 2.6.15-52.67 linux-image-2.6.15-52-hppa32 2.6.15-52.67 linux-image-2.6.15-52-hppa32-smp 2.6.15-52.67 linux-image-2.6.15-52-hppa64 2.6.15-52.67 linux-image-2.6.15-52-hppa64-smp 2.6.15-52.67 linux-image-2.6.15-52-itanium 2.6.15-52.67 linux-image-2.6.15-52-itanium-smp 2.6.15-52.67 linux-image-2.6.15-52-k7 2.6.15-52.67 linux-image-2.6.15-52-mckinley 2.6.15-52.67 linux-image-2.6.15-52-mckinley-smp 2.6.15-52.67 linux-image-2.6.15-52-powerpc 2.6.15-52.67 linux-image-2.6.15-52-powerpc-smp 2.6.15-52.67 linux-image-2.6.15-52-powerpc64-smp 2.6.15-52.67 linux-image-2.6.15-52-server 2.6.15-52.67 linux-image-2.6.15-52-server-bigiron 2.6.15-52.67 linux-image-2.6.15-52-sparc64 2.6.15-52.67 linux-image-2.6.15-52-sparc64-smp 2.6.15-52.67 Ubuntu 7.04: linux-image-2.6.20-17-386 2.6.20-17.36 linux-image-2.6.20-17-generic 2.6.20-17.36 linux-image-2.6.20-17-hppa32 2.6.20-17.36 linux-image-2.6.20-17-hppa64 2.6.20-17.36 linux-image-2.6.20-17-itanium 2.6.20-17.36 linux-image-2.6.20-17-lowlatency 2.6.20-17.36 linux-image-2.6.20-17-mckinley 2.6.20-17.36 linux-image-2.6.20-17-powerpc 2.6.20-17.36 linux-image-2.6.20-17-powerpc-smp 2.6.20-17.36 linux-image-2.6.20-17-powerpc64-smp 2.6.20-17.36 linux-image-2.6.20-17-server 2.6.20-17.36 linux-image-2.6.20-17-server-bigiron 2.6.20-17.36 linux-image-2.6.20-17-sparc64 2.6.20-17.36 linux-image-2.6.20-17-sparc64-smp 2.6.20-17.36 Ubuntu 7.10: linux-image-2.6.22-15-386 2.6.22-15.54 linux-image-2.6.22-15-cell 2.6.22-15.54 linux-image-2.6.22-15-generic 2.6.22-15.54 linux-image-2.6.22-15-hppa32 2.6.22-15.54 linux-image-2.6.22-15-hppa64 2.6.22-15.54 linux-image-2.6.22-15-itanium 2.6.22-15.54 linux-image-2.6.22-15-lpia 2.6.22-15.54 linux-image-2.6.22-15-lpiacompat 2.6.22-15.54 linux-image-2.6.22-15-mckinley 2.6.22-15.54 linux-image-2.6.22-15-powerpc 2.6.22-15.54 linux-image-2.6.22-15-powerpc-smp 2.6.22-15.54 linux-image-2.6.22-15-powerpc64-smp 2.6.22-15.54 linux-image-2.6.22-15-rt 2.6.22-15.54 linux-image-2.6.22-15-server 2.6.22-15.54 linux-image-2.6.22-15-sparc64 2.6.22-15.54 linux-image-2.6.22-15-sparc64-smp 2.6.22-15.54 linux-image-2.6.22-15-ume 2.6.22-15.54 linux-image-2.6.22-15-virtual 2.6.22-15.54 linux-image-2.6.22-15-xen 2.6.22-15.54 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-386, linux-powerpc, linux-amd64-generic), a standard system upgrade will automatically perform this as well. Details follow: It was discovered that the ALSA /proc interface did not write the correct number of bytes when reporting memory allocations. A local attacker might be able to access sensitive kernel memory, leading to a loss of privacy. (CVE-2007-4571) Multiple buffer overflows were discovered in the handling of CIFS filesystems. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges. (CVE-2007-5904) It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694) It was discovered that some device driver fault handlers did not correctly verify memory ranges. A local attacker could exploit this to access sensitive kernel memory, possibly leading to a loss of privacy. (CVE-2008-0007) It was discovered that CPU resource limits could be bypassed. A malicious local user could exploit this to avoid administratively imposed resource limits. (CVE-2008-1294) A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375) On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669)

=========================================================== Ubuntu Security Notice USN-612-11 June 18, 2008 openssl-blacklist update http://www.ubuntu.com/usn/usn-612-1 http://www.ubuntu.com/usn/usn-612-3 http://www.ubuntu.com/usn/usn-612-8 http://www.ubuntu.com/usn/usn-612-9 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssl-blacklist 0.3.3+0.4-0ubuntu0.6.06.2 openssl-blacklist-extra 0.3.3+0.4-0ubuntu0.6.06.2 Ubuntu 7.04: openssl-blacklist 0.3.3+0.4-0ubuntu0.7.04.2 openssl-blacklist-extra 0.3.3+0.4-0ubuntu0.7.04.2 Ubuntu 7.10: openssl-blacklist 0.3.3+0.4-0ubuntu0.7.10.2 openssl-blacklist-extra 0.3.3+0.4-0ubuntu0.7.10.2 Ubuntu 8.04 LTS: openssl-blacklist 0.3.3+0.4-0ubuntu0.8.04.3 openssl-blacklist-extra 0.3.3+0.4-0ubuntu0.8.04.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-612-3 addressed a weakness in OpenSSL certificate and key generation and introduced openssl-blacklist to aid in detecting vulnerable certificates and keys. This update adds RSA-4096 blacklists to the openssl-blacklist-extra package and adjusts openssl-vulnkey to properly handle RSA-4096 and higher moduli. Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.