Tuesday, October 2, 2012

[CentOS-announce] CESA-2012:1326 Moderate CentOS 6 freeradius Update

CentOS Errata and Security Advisory 2012:1326 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1326.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2012:1327 Moderate CentOS 5 freeradius2 Update

CentOS Errata and Security Advisory 2012:1327 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1327.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )


--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[USN-1593-1] devscripts vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1593-1
October 02, 2012

devscripts vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in devscripts.

Software Description:
- devscripts: scripts to make the life of a Debian Package maintainer easier

Details:

Raphael Geissert discovered that the debdiff.pl tool incorrectly handled
shell metacharacters. If a user or automated system were tricked into
processing a specially crafted filename, a remote attacker could possibly
execute arbitrary code. (CVE-2012-0212)

Raphael Geissert discovered that the dscverify tool incorrectly escaped
arguments to external commands. If a user or automated system were tricked
into processing specially crafted files, a remote attacker could possibly
execute arbitrary code. (CVE-2012-2240)

Raphael Geissert discovered that the dget tool incorrectly performed input
validation. If a user or automated system were tricked into processing
specially crafted files, a remote attacker could delete arbitrary files.
(CVE-2012-2241)

Raphael Geissert discovered that the dget tool incorrectly escaped
arguments to external commands. If a user or automated system were tricked
into processing specially crafted files, a remote attacker could possibly
execute arbitrary code. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 11.04. (CVE-2012-2242)

Jim Meyering discovered that the annotate-output tool incorrectly handled
temporary files. A local attacker could use this flaw to alter files being
processed by the annotate-output tool. On Ubuntu 11.04 and later, this
issue was mitigated by the Yama kernel symlink restrictions.
(CVE-2012-3500)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
devscripts 2.11.6ubuntu1.4

Ubuntu 11.10:
devscripts 2.11.1ubuntu3.2

Ubuntu 11.04:
devscripts 2.10.69ubuntu2.2

Ubuntu 10.04 LTS:
devscripts 2.10.61ubuntu5.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1593-1
CVE-2012-0212, CVE-2012-2240, CVE-2012-2241, CVE-2012-2242,
CVE-2012-3500

Package Information:
https://launchpad.net/ubuntu/+source/devscripts/2.11.6ubuntu1.4
https://launchpad.net/ubuntu/+source/devscripts/2.11.1ubuntu3.2
https://launchpad.net/ubuntu/+source/devscripts/2.10.69ubuntu2.2
https://launchpad.net/ubuntu/+source/devscripts/2.10.61ubuntu5.3

[USN-1592-1] Python 2.7 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1592-1
October 02, 2012

python2.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Several security issues were fixed in Python 2.7.

Software Description:
- python2.7: An interactive high-level object-oriented language
(version 2.7)

Details:

Niels Heinen discovered that the urllib and urllib2 modules would
process Location headers that specify a redirection to file: URLs. A
remote attacker could exploit this to obtain sensitive information or
cause a denial of service. This issue only affected Ubuntu 11.04.
(CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter
in the Content-Type HTTP header. An attacker could potentially exploit
this to conduct cross-site scripting (XSS) attacks against Internet
Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when
creating the ~/.pypirc file. A local attacker could exploit this to
obtain sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its
input when handling HTTP POST requests. A remote attacker could exploit
this to cause a denial of service via excessive CPU utilization.
(CVE-2012-0845)

It was discovered that Python was susceptible to hash algorithm attacks.
An attacker could cause a denial of service under certain circumstances.
This update adds the '-R' command line option and honors setting the
PYTHONHASHSEED environment variable to 'random' to salt str and datetime
objects with an unpredictable value. (CVE-2012-1150)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
python2.7 2.7.2-5ubuntu1.1
python2.7-minimal 2.7.2-5ubuntu1.1

Ubuntu 11.04:
python2.7 2.7.1-5ubuntu2.2
python2.7-minimal 2.7.1-5ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1592-1
CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845,
CVE-2012-1150

Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.2-5ubuntu1.1
https://launchpad.net/ubuntu/+source/python2.7/2.7.1-5ubuntu2.2

[USN-1591-1] xdiagnose update

==========================================================================
Ubuntu Security Notice USN-1591-1
October 02, 2012

xdiagnose update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

3rd party applications using xdiagnose could potentially be made to
overwrite files.

Software Description:
- xdiagnose: X.org diagnosis tool

Details:

Alec Warner discovered that xdiagnose improperly handled temporary files
in welcome.py when creating user-initiated archive files. While
failsafeX does not use the vulnerable code, this update removes this
functionality to protect any 3rd party applications which import the
vulnerable code. In the default Ubuntu installation, this should be
prevented by the Yama link restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
xdiagnose 2.5.2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1591-1
https://launchpad.net/bugs/1036211

Package Information:
https://launchpad.net/ubuntu/+source/xdiagnose/2.5.2ubuntu0.1




--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

[opensuse-announce] KDE 4.9.2 Packages available for 12.2 and 12.1

This afternoon KDE 4.9.2 was officially released by the KDE team.
(http://www.kde.org/announcements/announce-4.9.2.php)

The last few days the openSUSE KDE team has been preparing the update to KDE
4.9.2 and we would like to announce that the packages are available for the
openSUSE 12.2 and 12.1 distributions.

The packages can be found in our KDE:Release:49 repository.

Enjoy this new release !!

Regards

openSUSE KDE Team
--
To unsubscribe, e-mail: opensuse-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-announce+help@opensuse.org

[USN-1590-1] QEMU vulnerability

==========================================================================
Ubuntu Security Notice USN-1590-1
October 02, 2012

qemu-kvm vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

QEMU could be made to crash or run programs.

Software Description:
- qemu-kvm: Machine emulator and virtualizer

Details:

It was discovered that QEMU incorrectly handled certain VT100 escape
sequences. A guest user with access to an emulated character device could
use this flaw to cause QEMU to crash, or possibly execute arbitrary code on
the host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
qemu-kvm 1.0+noroms-0ubuntu14.2

Ubuntu 11.10:
qemu-kvm 0.14.1+noroms-0ubuntu6.5

Ubuntu 11.04:
qemu-kvm 0.14.0+noroms-0ubuntu4.7

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.20

After a standard system update you need to restart your virtual machines to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1590-1
CVE-2012-3515

Package Information:
https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.2
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.5
https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.7
https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.20

Fedora 18 Schedule reminders - Features 100% Complete in one week

Hi!
A friendly reminder - all Features have to be 100% complete in
one week - Tue Oct 09 2012, see the current schedule [1].

Please make sure to update your Feature page(s). In case of any
problems, please let me know, we can find a solution ;-) Also
please comment it in the status section.

You can find the progress of Features on Wiki [2].

The Beta change deadline is the same day, but we'd like to avoid
a long period of freeze and thus it could change (to be reviewed
on Wed FESCo meeting).

Thanks
Jaroslav

[1] http://fedoraproject.org/wiki/Releases/18/Schedule
[2] https://fedoraproject.org/wiki/Releases/18/FeatureList
--
Jaroslav Řezník <jreznik@redhat.com>
Your friendly Feature Wrangler

Office: +420 532 294 275
Mobile: +420 602 797 774
Red Hat, Inc. http://www.redhat.com/

_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

[USN-1589-1] GNU C Library vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1589-1
October 02, 2012

eglibc, glibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Multiple security issues were fixed in the GNU C Library.

Software Description:
- eglibc: GNU C Library
- glibc: GNU C Library

Details:

It was discovered that positional arguments to the printf() family
of functions were not handled properly in the GNU C Library. An
attacker could possibly use this to cause a stack-based buffer
overflow, creating a denial of service or possibly executing arbitrary
code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

It was discovered that multiple integer overflows existed in the
strtod(), strtof() and strtold() functions in the GNU C Library. An
attacker could possibly use this to trigger a stack-based buffer
overflow, creating a denial of service or possibly executing arbitrary
code. (CVE-2012-3480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libc6 2.15-0ubuntu10.2

Ubuntu 11.10:
libc6 2.13-20ubuntu5.2

Ubuntu 11.04:
libc6 2.13-0ubuntu13.2

Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.11

Ubuntu 8.04 LTS:
libc6 2.7-10ubuntu8.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1589-1
CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480

Package Information:
https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.2
https://launchpad.net/ubuntu/+source/eglibc/2.13-20ubuntu5.2
https://launchpad.net/ubuntu/+source/eglibc/2.13-0ubuntu13.2
https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.11
https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.2

Monday, October 1, 2012

[USN-1588-1] Software Properties vulnerability

========================================================================
Ubuntu Security Notice USN-1588-1
October 01, 2012

software-properties vulnerability
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Software Properties could be tricked into installing arbitrary PPA GPG keys.

Software Description:
- software-properties: manage the repositories that you install software
from

Details:

It was discovered that the apt-add-repository tool incorrectly validated
PPA GPG keys when importing from a keyserver. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
install altered package repository GPG keys.

[opensuse-announce] openSUSE ARM 12.2 RC1 is out!

openSUSE is pleased to announce the first Release Candidate for openSUSE
12.2 on the ARM architecture. Since the openSUSE Conference in 2011, the
openSUSE ARM team has managed to bring up openSUSE ARM from nothing to a
truly usable and functional distribution on the ARM version 7 architecture.

Andrew Wafaa, who continues to be heavily involved in the openSUSE-on-ARM
initiative and now works for the UK CPU designer, remarks: "It was a fast
and hard ride. Supporting a new architecture is always a lot of work,
especially one as diverse and versatile as ARM's, but with the right tools
and the right help it is possible to do it in record time!"

[announce] NYC*BUG this week

* This week's meeting on SMPng

* Got arms? FreeBSD and NetBSD on the BeagleBone

* Holiday Meeting: Be a Grinch. Gripes and Rants about Technology

*******

October 3 @ 18:45 - Location: Suspenders

How SMPng Works and Why It Doesn't Work The Way You Think, John Baldwin

Modern x86 CPUs have hit a wall in frequency scaling and are now
expanding sideways by adding more cores. Adding more cores does not
magically multiply performance, however. John talks about some of the
reasons that it doesn't.

In 2000, FreeBSD launched a project to multithread its kernel to more
fully take advantage of modern SMP machines. This talk will give an
overview of that project's history and continuing work on improving
scalability.

About the speaker: