Ubuntu Security Notice USN-571-2 January 19, 2008 xorg-server regression Bug 183969 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• xserver-xorg-core 1:1.0.2-0ubuntu10.10

Ubuntu 6.10

• xserver-xorg-core 1:1.1.1-0ubuntu12.5

Ubuntu 7.04

• xserver-xorg-core 2:1.2.0-3ubuntu8.3

Ubuntu 7.10

• xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.3

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006)

Ubuntu Security Notice USN-572-1 January 18, 2008 apt-listchanges vulnerability CVE-2008-0302 A security issue affects the following Ubuntu releases:

• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04

• apt-listchanges 2.72ubuntu6.1

Ubuntu 7.10

• apt-listchanges 2.74ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Felipe Sateler discovered that apt-listchanges did not use safe paths when importing additional Python libraries. A local attacker could exploit this and execute arbitrary commands as the user running apt-listchanges.

Ubuntu Security Notice USN-571-1 January 18, 2008 libxfont, xorg-server vulnerabilities CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• libxfont1 1:1.0.0-0ubuntu3.4
• xserver-xorg-core 1:1.0.2-0ubuntu10.8

Ubuntu 6.10

• libxfont1 1:1.2.0-0ubuntu3.2
• xserver-xorg-core 1:1.1.1-0ubuntu12.3

Ubuntu 7.04

• libxfont1 1:1.2.7-1ubuntu1.1
• xserver-xorg-core 2:1.2.0-3ubuntu8.1

Ubuntu 7.10

• libxfont1 1:1.3.0-0ubuntu1.1
• xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006)

Ubuntu Security Notice USN-570-1 January 16, 2008 boost vulnerabilities CVE-2008-0171, CVE-2008-0172 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• libboost-regex1.33.1 1.33.1-2ubuntu0.1

Ubuntu 6.10

• libboost-regex1.33.1 1.33.1-7ubuntu1.1

Ubuntu 7.04

• libboost-regex1.33.1 1.33.1-9ubuntu3.1

Ubuntu 7.10

• libboost-regex1.34.1 1.34.1-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions. An attacker could send a specially crafted regular expression to an application linked against boost and cause a denial of service via application crash.

Ubuntu Security Notice USN-569-1 January 14, 2008 libxml2 vulnerability CVE-2007-6284 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• libxml2 2.6.24.dfsg-1ubuntu1.1

Ubuntu 6.10

• libxml2 2.6.26.dfsg-2ubuntu4.1

Ubuntu 7.04

• libxml2 2.6.27.dfsg-1ubuntu3.1

Ubuntu 7.10

• libxml2 2.6.30.dfsg-2ubuntu1.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences. If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption.

Ubuntu Security Notice USN-568-1 January 14, 2008 postgresql vulnerabilities CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• postgresql-8.1 8.1.11-0ubuntu0.6.06.1
• postgresql-pltcl-8.1 8.1.11-0ubuntu0.6.06.1

Ubuntu 6.10

• postgresql-8.1 8.1.11-0ubuntu0.6.10.1
• postgresql-pltcl-8.1 8.1.11-0ubuntu0.6.10.1

Ubuntu 7.04

• postgresql-8.2 8.2.6-0ubuntu0.7.04.1
• postgresql-pltcl-8.2 8.2.6-0ubuntu0.7.04.1

Ubuntu 7.10

• postgresql-8.2 8.2.6-0ubuntu0.7.10.1
• postgresql-pltcl-8.2 8.2.6-0ubuntu0.7.10.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601)

It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600)

Ubuntu Security Notice USN-567-1 January 10, 2008 dovecot vulnerability CVE-2007-6598 A security issue affects the following Ubuntu releases:

• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04

• dovecot-imapd 1.0.rc17-1ubuntu2.2
• dovecot-pop3d 1.0.rc17-1ubuntu2.2

Ubuntu 7.10

• dovecot-imapd 1:1.0.5-1ubuntu2.1
• dovecot-pop3d 1:1.0.5-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable.

Ubuntu Security Notice USN-566-1 January 09, 2008 openssh vulnerability CVE-2007-4752 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• openssh-client 1:4.2p1-7ubuntu3.2

Ubuntu 6.10

• openssh-client 1:4.3p2-5ubuntu1.1

Ubuntu 7.04

• openssh-client 1:4.3p2-8ubuntu1.1

Ubuntu 7.10

• openssh-client 1:4.6p1-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.

Ubuntu Security Notice USN-565-1 January 09, 2008 squid vulnerability CVE-2007-6239 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• squid 2.5.12-4ubuntu2.3

Ubuntu 6.10

• squid 2.6.1-3ubuntu1.5

Ubuntu 7.04

• squid 2.6.5-4ubuntu2.1

Ubuntu 7.10

• squid 2.6.14-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service.

Ubuntu Security Notice USN-564-1 January 09, 2008 net-snmp vulnerability CVE-2007-5846 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• snmpd 5.2.1.2-4ubuntu2.2

Ubuntu 6.10

• snmpd 5.2.2-5ubuntu1.1

Ubuntu 7.04

• snmpd 5.2.3-4ubuntu1.1

Ubuntu 7.10

• snmpd 5.3.1-6ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion.

Ubuntu Security Notice USN-562-1 January 08, 2008 opal vulnerability CVE-2007-4924 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• libopal-2.2.0 2.2.1-1ubuntu1.1

Ubuntu 6.10

• libopal-2.2.0 2.2.3.dfsg-0ubuntu2.1

Ubuntu 7.04

• libopal-2.2.0 2.2.3.dfsg-2ubuntu2.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.

Ubuntu Security Notice USN-560-1 January 07, 2008 tomboy vulnerability CVE-2005-4790 A security issue affects the following Ubuntu releases:

• Ubuntu 6.06 LTS
• Ubuntu 6.10
• Ubuntu 7.04
• Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

• tomboy 0.3.5-1ubuntu3.1

Ubuntu 6.10

• tomboy 0.4.1-0ubuntu3.1

Ubuntu 7.04

• tomboy 0.6.3-0ubuntu1.1

Ubuntu 7.10

• tomboy 0.8.0-1ubuntu0.1

After a standard system upgrade you need to restart Tomboy to effect the necessary changes.

Details follow:

Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.