=========================================================== Ubuntu Security Notice USN-674-1 November 19, 2008 hplip vulnerabilities CVE-2008-2940, CVE-2008-2941 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: hplip 0.9.7-4ubuntu1.1 Ubuntu 7.10: hplip 2.7.7.dfsg.1-0ubuntu5.1 Ubuntu 8.04 LTS: hplip 2.8.2-0ubuntu8.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. (CVE-2008-2940) It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service. (CVE-2008-2941)

=========================================================== Ubuntu Security Notice USN-673-1 November 19, 2008 libxml2 vulnerabilities CVE-2008-4225, CVE-2008-4226 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libxml2 2.6.24.dfsg-1ubuntu1.4 Ubuntu 7.10: libxml2 2.6.30.dfsg-2ubuntu1.4 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.3 Ubuntu 8.10: libxml2 2.6.32.dfsg-4ubuntu1.1 After a standard system upgrade you need to restart your sessions to effect the necessary changes. Details follow: Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. (CVE-2008-4225) Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. (CVE-2008-4226)

=========================================================== Ubuntu Security Notice USN-672-1 November 17, 2008 clamav vulnerability CVE-2008-5050 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libclamav5 0.94.dfsg.1-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service.

=========================================================== Ubuntu Security Notice USN-667-1 November 17, 2008 firefox, firefox-3.0, xulrunner-1.9 vulnerabilities CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: firefox 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 Ubuntu 7.10: firefox 2.0.0.18+nobinonly-0ubuntu0.7.10 Ubuntu 8.04 LTS: firefox-3.0 3.0.4+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.4+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: abrowser 3.0.4+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.4+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.4+nobinonly-0ubuntu0.8.10.1 After a standard system upgrade you need to restart Firefox and any application that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache. (CVE-2008-4582) Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. This issue only affects Firefox 2. (CVE-2008-5012) It was discovered that Firefox did not properly check if the Flash module was properly unloaded. By tricking a user into opening a crafted SWF file, an attacker could cause Firefox to crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5013) Jesse Ruderman discovered that Firefox did not properly guard locks on non-native objects. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5014) Luke Bryan discovered that Firefox sometimes opened file URIs with chrome privileges. If a user saved malicious code locally, then opened the file in the same tab as a privileged document, an attacker could run arbitrary JavaScript code with chrome privileges. This issue only affects Firefox 3.0. (CVE-2008-5015) Several problems were discovered in the browser, layout and JavaScript engines. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5016, CVE-2008-5017, CVE-2008-5018) David Bloom discovered that the same-origin check in Firefox could be bypassed by utilizing the session restore feature. An attacker could exploit this to run JavaScript in the context of another site or execute arbitrary JavaScript code with chrome privileges. (CVE-2008-5019) Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a user were tricked into opening a malicious website, an attacker could send a crafted header in the HTTP index response, causing a browser crash and execute arbitrary code with user privileges. (CVE-2008-0017) A flaw was discovered in Firefox's DOM constructing code. If a user were tricked into opening a malicious website, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. (CVE-2008-5021) It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could execute JavaScript in the context of a different website. (CVE-2008-5022) Collin Jackson discovered various flaws in Firefox when processing stylesheets which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker could execute arbitrary code with the privileges of the signed JAR or of a different website. (CVE-2008-5023) Chris Evans discovered that Firefox did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. (CVE-2008-5024)

=========================================================== Ubuntu Security Notice USN-671-1 November 17, 2008 mysql-dfsg-5.0 vulnerabilities CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: mysql-server-5.0 5.0.22-0ubuntu6.06.11 Ubuntu 7.10: mysql-server-5.0 5.0.45-1ubuntu3.4 Ubuntu 8.04 LTS: mysql-server-5.0 5.0.51a-3ubuntu5.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098) It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. (CVE-2008-3963)

=========================================================== Ubuntu Security Notice USN-670-1 November 13, 2008 vm-builder vulnerability https://bugs.launchpad.net/+bug/296841 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: passwd 1:4.0.13-7ubuntu3.3 Ubuntu 7.10: passwd 1:4.0.18.1-9ubuntu0.1 Ubuntu 8.04 LTS: passwd 1:4.0.18.2-1ubuntu2.1 Ubuntu 8.10: passwd 1:4.1.1-1ubuntu1.1 python-vm-builder 0.9-0ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password. This vulnerability only affects virtual machines created with vm-builder under Ubuntu 8.10, and does not affect native Ubuntu installations. An update was made to the shadow package to detect vulnerable systems and disable password authentication for the root account. Vulnerable virtual machines which an attacker has access to should be considered compromised, and appropriate actions taken to secure the machine.