The following security announcement applies to smbfs. If you have smbfs installed, please see below for details on the vulnerability and instructions on patching your system: Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into… Read More »
The following security announcement applies to lintian. If you have lintian installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially… Read More »
The following security announcement applies to dhcp-client. If you have dhcp-client installed, please see below for details on the vulnerability and instructions on patching your system: USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch… Read More »
The following security announcement applies to Python. If you have Python installed, please see below for details on the vulnerability and instructions on patching your system: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly… Read More »
The following security announcement applies to Python. If you have Python installed, please see below for details on the vulnerability and instructions on patching your system: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered… Read More »
The following security announcement applies to Expat. If you have Expat installed, please see below for details on the vulnerability and instructions on patching your system: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a… Read More »
The following security announcement applies to gzip. If you have gzip installed on your system please see below for details on the vulnerability and instructions on patching your system: It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file,… Read More »
The following security announcement applies to BIND. If you have BIND installed on your system please see below for information about the vulnerability and instructions on patching your system: It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a… Read More »
We’ve got one more security vulnerability to announce this morning. This one likely does not affect as many users, but it should require attention nonetheless. Detail follow: Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user’s privileges. You can apply this… Read More »
We’ve got a load of security vulnerabilities to announce for Pidgin today. The patched packages should be available for download at most Ubuntu mirrors. I would advise that you update as soon as possible. Details follow: It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user… Read More »