Ubuntu Linux Distribution - Security Advisories - Page 361

Ubuntu: fetchmail vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user's unencrypted password being sent across the network.If fetchmail has been configured to use the "sslproto tls1", "sslcertck", or "sslfingerprint" options with a server that does not correctly support TLS negotiation, this update may cause fetchmail to (correctly) abort authentication.

LinuxSecurity.com Team
Jan 11, 2007

Ubuntu: MadWifi vulnerability

Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges.

LinuxSecurity.com Team
Jan 09, 2007

Ubuntu: X.org vulnerabilities USN-403-1

The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges.

LinuxSecurity.com Team
Jan 09, 2007

Ubuntu: Avahi vulnerability

A flaw was discovered in Avahi's handling of compressed DNS packets. If a specially crafted reply were received over the network, the Avahi daemon would go into an infinite loop, causing a denial of service.

LinuxSecurity.com Team
Jan 05, 2007

Ubuntu: Thunderbird vulnerabilities

Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. (CVE-2006-6506) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503)

LinuxSecurity.com Team
Jan 04, 2007

Ubuntu: D-Bus vulnerability

Kimmo H

LinuxSecurity.com Team
Jan 04, 2007

Ubuntu: Firefox theme regression

USN-398-1 fixed vulnerabilities in Firefox. Due to the updated version, a flaw was uncovered in the Firefox Themes bundle, which erroneously reported to be incompatible with the updated Firefox. This update fixes the problem. We apologize for the inconvenience.

LinuxSecurity.com Team
Jan 04, 2007

Ubuntu: Firefox vulnerabilities

USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503)

LinuxSecurity.com Team
Jan 03, 2007

Ubuntu: w3m vulnerabilities

A format string vulnerability was discovered in w3m. If a user were tricked into visiting an HTTPS URL protected by a specially crafted SSL certificate, an attacker could execute arbitrary code with user privileges.

LinuxSecurity.com Team
Jan 02, 2007

Ubuntu: Firefox vulnerabilities USN-398-1

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG.

LinuxSecurity.com Team
Jan 02, 2007

Ubuntu: Mono vulnerability USN-397-1

Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.

LinuxSecurity.com Team
Dec 20, 2006

Ubuntu: gdm vulnerability

A format string vulnerability was discovered in the gdmchooser component of the GNOME Display Manager. By typing a specially crafted host name, local users could gain gdm user privileges, which could lead to further account information exposure.

LinuxSecurity.com Team
Dec 14, 2006

Ubuntu: avahi regression

USN-380-1 fixed a vulnerability in Avahi. However, if used with Network manager, that version occasionally failed to resolve .local DNS names until Avahi got restarted. This update fixes the problem. We apologize for the inconvenience.

LinuxSecurity.com Team
Dec 14, 2006

Ubuntu: Linux kernel vulnerabilities USN-395-1

The following CVEIDs are covered by this advisory: CVE-2006-4572, CVE-2006-4813, CVE-2006-4997, CVE-2006-5158, CVE-2006-5173, CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5701, CVE-2006-5751

LinuxSecurity.com Team
Dec 13, 2006

Ubuntu: Ruby vulnerability USN-394-1

An error was found in Ruby's CGI library that did not correctly quote the boundary of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.

LinuxSecurity.com Team
Dec 08, 2006

Ubuntu: GnuPG2 vulnerabilities

USN-389-1 and USN-393-1 fixed vulnerabilities in gnupg. This update provides the corresponding updates for gnupg2.

LinuxSecurity.com Team
Dec 07, 2006

Ubuntu: GnuPG vulnerability USN-393-1

Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Dec 06, 2006

Ubuntu: evince-gtk vulnerability

USN-390-2 fixed vulnerabilities in evince. This update provides the corresponding update for evince-gtk.

LinuxSecurity.com Team
Dec 06, 2006

Ubuntu: evince vulnerability

USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations.

LinuxSecurity.com Team
Dec 05, 2006

Ubuntu: libgsf vulnerability

A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.

LinuxSecurity.com Team
Dec 04, 2006

Ubuntu Linux Distribution - Page 469.88888888889

Ubuntu: fetchmail vulnerability

Ubuntu: MadWifi vulnerability

Ubuntu: X.org vulnerabilities USN-403-1

Ubuntu: Avahi vulnerability

Ubuntu: Thunderbird vulnerabilities

Ubuntu: D-Bus vulnerability

Ubuntu: Firefox theme regression

Ubuntu: Firefox vulnerabilities

Ubuntu: w3m vulnerabilities

Ubuntu: Firefox vulnerabilities USN-398-1

Ubuntu: Mono vulnerability USN-397-1

Ubuntu: gdm vulnerability

Ubuntu: avahi regression

Ubuntu: Linux kernel vulnerabilities USN-395-1

Ubuntu: Ruby vulnerability USN-394-1

Ubuntu: GnuPG2 vulnerabilities

Ubuntu: GnuPG vulnerability USN-393-1

Ubuntu: evince-gtk vulnerability

Ubuntu: evince vulnerability

Ubuntu: libgsf vulnerability

LinuxSecurity Poll

What is the best browser with a built-in VPN?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By