Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:55:43 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1044781538&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Operating%20System%3A%20Ubuntu%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Fos%2Fubuntu%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1044781538.1338191743.1338191743.1338191743.1%3B%2B__utmz%3D32867617.1338191743.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/113055/sa49293.txt http://packetstormsecurity.org/files/113055/sa49293.txt http://packetstormsecurity.org/files/113055/Secunia-Security-Advisory-49293.html Sat, 26 May 2012 07:07:12 GMT Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) of the application using the library. http://packetstormsecurity.org/files/113049/USN-1454-1.txt http://packetstormsecurity.org/files/113049/USN-1454-1.txt http://packetstormsecurity.org/files/113049/Ubuntu-Security-Notice-USN-1454-1.html Fri, 25 May 2012 21:02:04 GMT Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. http://packetstormsecurity.org/files/113034/USN-1453-1.txt http://packetstormsecurity.org/files/113034/USN-1453-1.txt http://packetstormsecurity.org/files/113034/Ubuntu-Security-Notice-USN-1453-1.html Fri, 25 May 2012 20:08:29 GMT Ubuntu Security Notice 1453-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed. http://packetstormsecurity.org/files/113033/USN-1452-1.txt http://packetstormsecurity.org/files/113033/USN-1452-1.txt http://packetstormsecurity.org/files/113033/Ubuntu-Security-Notice-USN-1452-1.html Fri, 25 May 2012 20:08:16 GMT Ubuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed. http://packetstormsecurity.org/files/113032/USN-1451-1.txt http://packetstormsecurity.org/files/113032/USN-1451-1.txt http://packetstormsecurity.org/files/113032/Ubuntu-Security-Notice-USN-1451-1.html Fri, 25 May 2012 19:52:12 GMT Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed. http://packetstormsecurity.org/files/112987/USN-1450-1.txt http://packetstormsecurity.org/files/112987/USN-1450-1.txt http://packetstormsecurity.org/files/112987/Ubuntu-Security-Notice-USN-1450-1.html Thu, 24 May 2012 02:21:13 GMT Ubuntu Security Notice 1450-1 - It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service. http://packetstormsecurity.org/files/113016/sa49279.txt http://packetstormsecurity.org/files/113016/sa49279.txt http://packetstormsecurity.org/files/113016/Secunia-Security-Advisory-49279.html Thu, 24 May 2012 02:20:19 GMT Secunia Security Advisory - Ubuntu has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/112972/sa49256.txt http://packetstormsecurity.org/files/112972/sa49256.txt http://packetstormsecurity.org/files/112972/Secunia-Security-Advisory-49256.html Wed, 23 May 2012 06:20:27 GMT Secunia Security Advisory - Ubuntu has issued an update for feedparser. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/112956/USN-1449-1.txt http://packetstormsecurity.org/files/112956/USN-1449-1.txt http://packetstormsecurity.org/files/112956/Ubuntu-Security-Notice-USN-1449-1.html Tue, 22 May 2012 20:37:23 GMT Ubuntu Security Notice 1449-1 - It was discovered that feedparser did not properly sanitize ENTITY declarations in encoded fields. A remote attacker could exploit this to cause a denial of service via memory exhaustion. http://packetstormsecurity.org/files/112962/sa49258.txt http://packetstormsecurity.org/files/112962/sa49258.txt http://packetstormsecurity.org/files/112962/Secunia-Security-Advisory-49258.html Tue, 22 May 2012 06:27:18 GMT Secunia Security Advisory - Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. http://packetstormsecurity.org/files/112911/USN-1448-1.txt http://packetstormsecurity.org/files/112911/USN-1448-1.txt http://packetstormsecurity.org/files/112911/Ubuntu-Security-Notice-USN-1448-1.html Tue, 22 May 2012 00:25:24 GMT Ubuntu Security Notice 1448-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed. http://packetstormsecurity.org/files/112910/USN-1447-1.txt http://packetstormsecurity.org/files/112910/USN-1447-1.txt http://packetstormsecurity.org/files/112910/Ubuntu-Security-Notice-USN-1447-1.html Tue, 22 May 2012 00:25:14 GMT Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. http://packetstormsecurity.org/files/112846/USN-1445-1.txt http://packetstormsecurity.org/files/112846/USN-1445-1.txt http://packetstormsecurity.org/files/112846/Ubuntu-Security-Notice-USN-1445-1.html Fri, 18 May 2012 14:07:47 GMT Ubuntu Security Notice 1445-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed. http://packetstormsecurity.org/files/112845/USN-1444-1.txt http://packetstormsecurity.org/files/112845/USN-1444-1.txt http://packetstormsecurity.org/files/112845/Ubuntu-Security-Notice-USN-1444-1.html Fri, 18 May 2012 14:07:31 GMT Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. http://packetstormsecurity.org/files/112832/sa49211.txt http://packetstormsecurity.org/files/112832/sa49211.txt http://packetstormsecurity.org/files/112832/Secunia-Security-Advisory-49211.html Fri, 18 May 2012 06:06:52 GMT Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions. http://packetstormsecurity.org/files/112875/sa49230.txt http://packetstormsecurity.org/files/112875/sa49230.txt http://packetstormsecurity.org/files/112875/Secunia-Security-Advisory-49230.html Fri, 18 May 2012 05:24:48 GMT Secunia Security Advisory - Ubuntu has issued an update for update-manager. This fixes two security issues, which can potentially be exploited by malicious, local users and malicious people to disclose sensitive information. http://packetstormsecurity.org/files/112870/sa49213.txt http://packetstormsecurity.org/files/112870/sa49213.txt http://packetstormsecurity.org/files/112870/Secunia-Security-Advisory-49213.html Fri, 18 May 2012 05:24:32 GMT Secunia Security Advisory - Ubuntu has issued an update for backuppc. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/112823/USN-1443-1.txt http://packetstormsecurity.org/files/112823/USN-1443-1.txt http://packetstormsecurity.org/files/112823/Ubuntu-Security-Notice-USN-1443-1.html Thu, 17 May 2012 19:27:59 GMT Ubuntu Security Notice 1443-1 - It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed. http://packetstormsecurity.org/files/112810/sa49197.txt http://packetstormsecurity.org/files/112810/sa49197.txt http://packetstormsecurity.org/files/112810/Secunia-Security-Advisory-49197.html Thu, 17 May 2012 11:18:55 GMT Secunia Security Advisory - Ubuntu has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/112780/USN-1442-1.txt http://packetstormsecurity.org/files/112780/USN-1442-1.txt http://packetstormsecurity.org/files/112780/Ubuntu-Security-Notice-USN-1442-1.html Wed, 16 May 2012 22:46:27 GMT Ubuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu. http://packetstormsecurity.org/files/112732/USN-1441-1.txt http://packetstormsecurity.org/files/112732/USN-1441-1.txt http://packetstormsecurity.org/files/112732/Ubuntu-Security-Notice-USN-1441-1.html Tue, 15 May 2012 21:57:44 GMT Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed. http://packetstormsecurity.org/files/112555/sa49071.txt http://packetstormsecurity.org/files/112555/sa49071.txt http://packetstormsecurity.org/files/112555/Secunia-Security-Advisory-49071.html Wed, 09 May 2012 07:37:31 GMT Secunia Security Advisory - Ubuntu has issued an update for horizon. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to conduct script insertion attacks and by malicious users to conduct session fixation attacks. http://packetstormsecurity.org/files/112534/USN-1440-1.txt http://packetstormsecurity.org/files/112534/USN-1440-1.txt http://packetstormsecurity.org/files/112534/Ubuntu-Security-Notice-USN-1440-1.html Wed, 09 May 2012 00:18:13 GMT Ubuntu Security Notice 1440-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed. http://packetstormsecurity.org/files/112533/USN-1432-1.txt http://packetstormsecurity.org/files/112533/USN-1432-1.txt http://packetstormsecurity.org/files/112533/Ubuntu-Security-Notice-USN-1432-1.html Wed, 09 May 2012 00:17:44 GMT Ubuntu Security Notice 1432-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. Various other issues were also addressed. http://packetstormsecurity.org/files/112528/sa48889.txt http://packetstormsecurity.org/files/112528/sa48889.txt http://packetstormsecurity.org/files/112528/Secunia-Security-Advisory-48889.html Tue, 08 May 2012 04:17:28 GMT Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).