===========================================================
Ubuntu Security Notice USN-920-1 April 09, 2010
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177,
CVE-2010-0178, CVE-2010-0179
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
firefox-3.0 3.0.19+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.19+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
abrowser 3.0.19+nobinonly-0ubuntu0.8.10.1
firefox-3.0 3.0.19+nobinonly-0ubuntu0.8.10.1
xulrunner-1.9 1.9.0.19+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04:
abrowser 3.0.19+nobinonly-0ubuntu0.9.04.1
firefox-3.0 3.0.19+nobinonly-0ubuntu0.9.04.1
xulrunner-1.9 1.9.0.19+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any
applications that use Xulrunner to effect the necessary changes.

Details follow:

Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered
flaws in the browser engine of Firefox. If a user were tricked into viewing
a malicious website, a remote attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2010-0174)

It was discovered that Firefox could be made to access previously freed
memory. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0175,
CVE-2010-0176, CVE-2010-0177)

Paul Stone discovered that Firefox could be made to change a mouse click
into a drag and drop event. If the user could be tricked into performing
this action twice on a crafted website, an attacker could execute
arbitrary JavaScript with chrome privileges. (CVE-2010-0178)

It was discovered that the XMLHttpRequestSpy module as used by the Firebug
add-on could be used to escalate privileges within the browser. If the user
had the Firebug add-on installed and were tricked into viewing a malicious
website, an attacker could potentially run arbitrary JavaScript.
(CVE-2010-0179)

===========================================================
Ubuntu Security Notice USN-921-1 April 09, 2010
firefox-3.5, xulrunner-1.9.1 vulnerabilities
CVE-2010-0173, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176,
CVE-2010-0177, CVE-2010-0178, CVE-2010-0179, CVE-2010-0181,
CVE-2010-0182
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
firefox-3.5 3.5.9+nobinonly-0ubuntu0.9.10.1
xulrunner-1.9.1 1.9.1.9+nobinonly-0ubuntu0.9.10.1

After a standard system upgrade you need to restart Firefox and any
applications that use Xulrunner to effect the necessary changes.

Details follow:

Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered
flaws in the browser engine of Firefox. If a user were tricked into viewing
a malicious website, a remote attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2010-0173, CVE-2010-0174)

It was discovered that Firefox could be made to access previously freed
memory. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0175,
CVE-2010-0176, CVE-2010-0177)

Paul Stone discovered that Firefox could be made to change a mouse click
into a drag and drop event. If the user could be tricked into performing
this action twice on a crafted website, an attacker could execute
arbitrary JavaScript with chrome privileges. (CVE-2010-0178)

It was discovered that the XMLHttpRequestSpy module as used by the Firebug
add-on could be used to escalate privileges within the browser. If the user
had the Firebug add-on installed and were tricked into viewing a malicious
website, an attacker could potentially run arbitrary JavaScript.
(CVE-2010-0179)

Henry Sudhof discovered that an image tag could be used as a redirect to
a mailto: URL to launch an external mail handler. (CVE-2010-0181)

Wladimir Palant discovered that Firefox did not always perform security
checks on XML content. An attacker could exploit this to bypass security
policies to load certain resources. (CVE-2010-0182)

===========================================================
Ubuntu Security Notice USN-927-1 April 09, 2010
nss vulnerability
CVE-2009-3555
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
libnss3-1d 3.12.6-0ubuntu0.9.10.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user’s session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.

===========================================================
Ubuntu Security Notice USN-624-2 April 09, 2010
erlang vulnerability
CVE-2008-2371
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
erlang-base 1:13.b.1-dfsg-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-624-1 fixed a vulnerability in PCRE. This update provides the
corresponding update for Erlang.

Original advisory details:

Tavis Ormandy discovered that the PCRE library did not correctly handle
certain in-pattern options. An attacker could cause applications linked
against pcre3 to crash, leading to a denial of service.

===========================================================
Ubuntu Security Notice USN-926-1 April 08, 2010
clamav vulnerabilities
CVE-2010-0098
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
libclamav6 0.95.3+dfsg-1ubuntu0.09.04~intrepid3

Ubuntu 9.04:
libclamav6 0.95.3+dfsg-1ubuntu0.09.04.1

Ubuntu 9.10:
libclamav6 0.95.3+dfsg-1ubuntu0.09.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file to evade malware detection. (CVE-2010-0098)

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file and cause a denial of service via application crash.

===========================================================
Ubuntu Security Notice USN-925-1 April 08, 2010
moin vulnerabilities
CVE-2010-0828, CVE-2010-1238
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.6

Ubuntu 8.04 LTS:
python-moinmoin 1.5.8-5.1ubuntu2.4

Ubuntu 8.10:
python-moinmoin 1.7.1-1ubuntu1.5

Ubuntu 9.04:
python-moinmoin 1.8.2-2ubuntu2.3

Ubuntu 9.10:
python-moinmoin 1.8.4-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input when
processing Despam actions, resulting in cross-site scripting (XSS)
vulnerabilities. If a privileged wiki user were tricked into performing
the Despam action on a page with a crafted title, a remote attacker could
exploit this to execute JavaScript code. (CVE-2010-0828)

It was discovered that the TextCha protection in MoinMoin could be bypassed
by submitting a crafted form request. This issue only affected Ubuntu 8.10.
(CVE-2010-1238)

===========================================================
Ubuntu Security Notice USN-924-1 April 07, 2010
krb5 vulnerabilities
CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972,
CVE-2010-0629
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.4
libkrb53 1.6.dfsg.3~beta1-2ubuntu1.4

Ubuntu 8.10:
krb5-kdc 1.6.dfsg.4~beta1-3ubuntu0.4

Ubuntu 9.04:
krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.3
libkrb53 1.6.dfsg.4~beta1-5ubuntu2.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Sol Jerome discovered that the Kerberos kadmind service did not correctly
free memory. An unauthenticated remote attacker could send specially
crafted traffic to crash the kadmind process, leading to a denial of
service. (CVE-2010-0629)

It was discovered that Kerberos did not correctly free memory in
the GSSAPI library. If a remote attacker were able to manipulate an
application using GSSAPI carefully, the service could crash, leading to
a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901,
CVE-2007-5971)

It was discovered that Kerberos did not correctly free memory in the
GSSAPI and kdb libraries. If a remote attacker were able to manipulate
an application using these libraries carefully, the service could crash,
leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.)
(CVE-2007-5902, CVE-2007-5972)

===========================================================
Ubuntu Security Notice USN-923-1 April 07, 2010
openjdk-6 vulnerabilities
CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,
CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
CVE-2010-0840, CVE-2010-0845, CVE-2010-0847, CVE-2010-0848
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
openjdk-6-jre 6b11-2ubuntu2.2
openjdk-6-jre-lib 6b11-2ubuntu2.2

Ubuntu 8.10:
openjdk-6-jre 6b12-0ubuntu6.7
openjdk-6-jre-lib 6b12-0ubuntu6.7

Ubuntu 9.04:
openjdk-6-jre 6b14-1.4.1-0ubuntu13
openjdk-6-jre-lib 6b14-1.4.1-0ubuntu13

Ubuntu 9.10:
openjdk-6-jre 6b16-1.6.1-3ubuntu3
openjdk-6-jre-lib 6b16-1.6.1-3ubuntu3

After a standard system upgrade you need to restart all Java applications
to effect the necessary changes.

Details follow:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content
at the beginning of the user’s session. (CVE-2009-3555)

It was discovered that Loader-constraint table, Policy/PolicyFile,
Inflater/Deflater, drag/drop access, and deserialization did not correctly
handle certain sensitive objects. If a user were tricked into running a
specially crafted applet, private information could be leaked to a remote
attacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094)

It was discovered that AtomicReferenceArray, System.arraycopy,
InetAddress, and HashAttributeSet did not correctly handle certain
situations. If a remote attacker could trigger specific error conditions,
a Java application could crash, leading to a denial of service.
(CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845)

It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and
the AWT library did not correctly check buffer lengths. If a user or
automated system were tricked into handling specially crafted JAR files or
images, a remote attacker could crash the Java application or possibly
gain user privileges (CVE-2010-0837, CVE-2010-0838, CVE-2010-0847,
CVE-2010-0848).

It was discovered that applets did not correctly handle certain trust
chains. If a user were tricked into running a specially crafted applet,
a remote attacker could possibly run untrusted code with user privileges.
(CVE-2010-0840)

===========================================================
Ubuntu Security Notice USN-922-1 March 31, 2010
libnss-db vulnerability
CVE-2010-0826
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libnss-db 2.2.3pre1-3ubuntu1.8.04.2

Ubuntu 8.10:
libnss-db 2.2.3pre1-3ubuntu1.8.10.2

Ubuntu 9.04:
libnss-db 2.2.3pre1-3ubuntu3.9.04.2

Ubuntu 9.10:
libnss-db 2.2.3pre1-3ubuntu3.9.10.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stephane Chazelas discovered that libnss-db did not correctly set up a
database environment. A local attacker could exploit this to read the
first line of arbitrary files, leading to a loss of privacy and possibly
privilege escalation.

===========================================================
Ubuntu Security Notice USN-919-1 March 29, 2010
emacs22, emacs23 vulnerability
CVE-2010-0825
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
emacs22-bin-common 22.1-0ubuntu10.2

Ubuntu 8.10:
emacs22-bin-common 22.2-0ubuntu2.8.10.1

Ubuntu 9.04:
emacs22-bin-common 22.2-0ubuntu2.9.04.1

Ubuntu 9.10:
emacs22-bin-common 22.2-0ubuntu6.2
emacs23-bin-common 23.1+1-4ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dan Rosenberg discovered that the email helper in Emacs did not correctly
check file permissions. A local attacker could perform a symlink race
to read or append to another user’s mailbox if it was stored under a
group-writable group-”mail” directory.