Ubuntu News


Canonical Adds Advanced Enterprise Features to Latest Version of Systems Management Tool

Tue, 05/25/2010 - 19:14
New 'Landscape' supports Ubuntu 10.04 LTS migration and cloud deployments for enterprises

London 25th May 2010: Canonical today announced the latest version of its Ubuntu-dedicated systems management tool that simplifies enterprise deployments with tools to configure multiple servers, connect with single sign on (SSO) authentication systems and manage cloud topologies.  


USN-944-1: GNU C Library vulnerabilities

Tue, 05/25/2010 - 16:37
Referenced CVEs: CVE-2008-1391, CVE-2010-0296, CVE-2010-0830

Description:

===========================================================
Ubuntu Security Notice USN-944-1 May 25, 2010
glibc, eglibc vulnerabilities
CVE-2008-1391, CVE-2010-0296, CVE-2010-0830
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libc6 2.3.6-0ubuntu20.6

Ubuntu 8.04 LTS:
  libc6 2.7-10ubuntu6

Ubuntu 9.04:
  libc6 2.9-4ubuntu6.2

Ubuntu 9.10:
  libc6 2.10.1-0ubuntu17

Ubuntu 10.04 LTS:
  libc6 2.11.1-0ubuntu7.1

After a standard system update you need to restart all services to make the necessary changes.

Details follow:

Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) (CVE-2008-1391)

Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. (CVE-2010-0296)

Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-0830)

USN-942-1: PostgreSQL vulnerabilities

Fri, 05/21/2010 - 12:15
Referenced CVEs: CVE-2010-1169, CVE-2010-1170, CVE-2010-1975

Description:

===========================================================
Ubuntu Security Notice USN-942-1 May 21, 2010
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities
CVE-2010-1169, CVE-2010-1170, CVE-2010-1975
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  postgresql-plperl-8.1 8.1.21-0ubuntu0.6.06
  postgresql-pltcl-8.1 8.1.21-0ubuntu0.6.06

Ubuntu 8.04 LTS:
  postgresql-plperl-8.3 8.3.11-0ubuntu8.04
  postgresql-pltcl-8.3 8.3.11-0ubuntu8.04

Ubuntu 9.04:
  postgresql-plperl-8.3 8.3.11-0ubuntu9.04
  postgresql-pltcl-8.3 8.3.11-0ubuntu9.04

Ubuntu 9.10:
  postgresql-plperl-8.4 8.4.4-0ubuntu9.10
  postgresql-pltcl-8.4 8.4.4-0ubuntu9.10

Ubuntu 10.04 LTS:
  postgresql-plperl-8.4 8.4.4-0ubuntu10.04
  postgresql-pltcl-8.4 8.4.4-0ubuntu10.04

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. (CVE-2010-1169)

It was discovered that PostgreSQL did not properly check permissions to restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Tcl code. (CVE-2010-1170)

It was discovered that PostgreSQL did not properly check privileges during certain RESET ALL operations. A remote authenticated attacker could exploit this to remove all special parameter settings for a user or database. (CVE-2010-1975)

USN-941-1: MoinMoin vulnerability

Thu, 05/20/2010 - 08:31
Referenced CVEs: CVE-2009-4762

Description:

===========================================================
Ubuntu Security Notice USN-941-1 May 20, 2010
moin vulnerability
CVE-2009-4762
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
  python-moinmoin 1.8.2-2ubuntu2.4

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that MoinMoin incorrectly handled hierarchical access control lists. Users could bypass intended access controls under certain circumstances.

USN-940-1: Kerberos vulnerabilities

Wed, 05/19/2010 - 14:44
Referenced CVEs: CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-1320, CVE-2010-1321

Description:

===========================================================
Ubuntu Security Notice USN-940-1 May 19, 2010
krb5 vulnerabilities
CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-1320, CVE-2010-1321
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  krb5-kdc 1.4.3-5ubuntu0.11
  libkrb53 1.4.3-5ubuntu0.11

Ubuntu 8.04 LTS:
  krb5-admin-server 1.6.dfsg.3~beta1-2ubuntu1.5
  krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.5

Ubuntu 9.04:
  krb5-admin-server 1.6.dfsg.4~beta1-5ubuntu2.4
  krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.4

Ubuntu 9.10:
  krb5-admin-server 1.7dfsg~beta3-1ubuntu0.6
  krb5-kdc 1.7dfsg~beta3-1ubuntu0.6

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)

Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. (CVE-2010-1320, CVE-2010-1321)

USN-939-1: X.org vulnerabilities

Tue, 05/18/2010 - 16:35
Referenced CVEs: CVE-2009-1573, CVE-2010-1166

Description:

===========================================================
Ubuntu Security Notice USN-939-1 May 18, 2010
xorg-server vulnerabilities
CVE-2009-1573, CVE-2010-1166
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.3
  xvfb 2:1.4.1~git20080131-1ubuntu9.3

Ubuntu 9.04:
  xserver-xorg-core 2:1.6.0-0ubuntu14.2
  xvfb 2:1.6.0-0ubuntu14.2

Ubuntu 9.10:
  xserver-xorg-core 2:1.6.4-2ubuntu4.3

After a standard system update you need to restart your session to make all the necessary changes.

Details follow:

Loïc Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573)

It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges. (CVE-2010-1166)

USN-938-1: KDENetwork vulnerabilities

Thu, 05/13/2010 - 08:26
Referenced CVEs: CVE-2010-1000, CVE-2010-1511

Description:

===========================================================
Ubuntu Security Notice USN-938-1 May 13, 2010
kdenetwork vulnerabilities
CVE-2010-1000, CVE-2010-1511
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
  kget 4:4.2.2-0ubuntu2.3

Ubuntu 9.10:
  kget 4:4.3.2-0ubuntu4.1

Ubuntu 10.04 LTS:
  kget 4:4.4.2-0ubuntu4.1

After a standard system update you need to restart your session to make all the necessary changes.

Details follow:

It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution. (CVE-2010-1000)

It was discovered that KGet would not always wait for user confirmation when downloading metalink files. If a user selected a file to download but did not confirm or cancel the download, KGet would proceed with the download, overwriting any file with the same name. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-1511)

Canonical unveils new 'Unity' desktop environment at Ubuntu Developer Summit

Sun, 05/09/2010 - 19:29
Previews 'Ubuntu Light:' an implementation of Unity Targeted at OEMs for 'instant-on' computing

Ubuntu Developer Summit, La Hulpe, Belgium, May 10, 2010: Canonical today unveiled a new desktop environment called 'Unity' at the Ubuntu Developer Summit (UDS) in Belgium. Unity will be the desktop environment for Ubuntu 10.10 Netbook Edition, released in October 2010, and is available today to developers building applications for the netbook environment.


USN-937-1: TeX Live vulnerabilities

Thu, 05/06/2010 - 08:37
Referenced CVEs: CVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440

Description:

===========================================================
Ubuntu Security Notice USN-937-1 May 06, 2010
texlive-bin vulnerabilities
CVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  texlive-base-bin 2007.dfsg.1-2ubuntu0.1

Ubuntu 9.04:
  texlive-base-bin 2007.dfsg.2-4ubuntu2.1

Ubuntu 9.10:
  texlive-base-bin 2007.dfsg.2-7ubuntu1.1

Ubuntu 10.04 LTS:
  texlive-binaries 2009-5ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that TeX Live incorrectly handled certain long .bib bibliography files. If a user or automated system were tricked into processing a specially crafted bib file, an attacker could cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284)

Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0739, CVE-2010-1440)

Dan Rosenberg discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0827)

USN-936-1: dvipng vulnerability

Thu, 05/06/2010 - 08:36
Referenced CVEs: CVE-2010-0829

Description:

===========================================================
Ubuntu Security Notice USN-936-1 May 06, 2010
dvipng vulnerability
CVE-2010-0829
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
  dvipng 1.11-1ubuntu0.9.04.1

Ubuntu 9.10:
  dvipng 1.11-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  dvipng 1.12-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that dvipng incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

USN-934-1: Netpbm vulnerability

Thu, 04/29/2010 - 20:52
Referenced CVEs: CVE-2009-4274

Description:

===========================================================
Ubuntu Security Notice USN-934-1 April 29, 2010
netpbm-free vulnerability
CVE-2009-4274
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  netpbm 2:10.0-11.1ubuntu0.1

Ubuntu 9.04:
  netpbm 2:10.0-12ubuntu0.9.04.1

Ubuntu 9.10:
  netpbm 2:10.0-12ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

USN-933-1: PostgreSQL vulnerability

Wed, 04/28/2010 - 20:53
Referenced CVEs: CVE-2010-0442

Description:

===========================================================
Ubuntu Security Notice USN-933-1 April 28, 2010
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
CVE-2010-0442
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  postgresql-8.1 8.1.20-0ubuntu0.6.06.1

Ubuntu 8.04 LTS:
  postgresql-8.3 8.3.10-0ubuntu8.04.1

Ubuntu 9.04:
  postgresql-8.3 8.3.10-0ubuntu9.04.1

Ubuntu 9.10:
  postgresql-8.4 8.4.3-0ubuntu9.10.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that PostgreSQL did not properly sanitize its input when using substring() with a SELECT statement. A remote authenticated attacker could exploit this to cause a denial of service via application crash.

Ubuntu 10.04 LTS

Tue, 04/27/2010 - 08:58
Canonical's Ubuntu 10.04 LTS Desktop Edition features three years of support, an online music store, a new look and social network integration

Long-term support (LTS) version of popular desktop operating system generally available on 29 April


Ubuntu 10.04 LTS Server Edition

Tue, 04/27/2010 - 08:58
Canonical's Ubuntu 10.04 LTS Server Edition features the ideal deployment platform for Linux server workloads and cloud computing

Long-term support (LTS) version of popular server operating system generally available on 29 April


Ubuntu 10.04 LTS supports ISVs

Tue, 04/27/2010 - 08:57
Canonical announces strong ISV and open source ecosystem support for Ubuntu 10.04 LTS

London, April 27, 2010: Canonical today revealed strong software vendor support for the upcoming Ubuntu 10.04 LTS (Long-term Support) release for both server and desktop. Ubuntu 10.04 LTS, to be released on 29 April 2010, will ship with hundreds of open source applications available at install with many more open source and proprietary applications becoming available in the days and weeks following.


USN-931-2: FFmpeg regression

Mon, 04/26/2010 - 08:55
Description:

===========================================================
Ubuntu Security Notice USN-931-2 April 26, 2010
ffmpeg, ffmpeg-debian regression
https://launchpad.net/bugs/567913
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libavcodec1d 3:0.cvs20070307-5ubuntu7.5
  libavformat1d 3:0.cvs20070307-5ubuntu7.5

Ubuntu 8.10:
  libavcodec51 3:0.svn20080206-12ubuntu3.3
  libavformat52 3:0.svn20080206-12ubuntu3.3

Ubuntu 9.04:
  libavcodec52 3:0.svn20090303-1ubuntu6.2
  libavformat52 3:0.svn20090303-1ubuntu6.2

Ubuntu 9.10:
  libavcodec52 4:0.5+svn20090706-2ubuntu2.2
  libavformat52 4:0.5+svn20090706-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-931-1 fixed vulnerabilities in FFmpeg. The update introduced a regression when trying to play certain multimedia files. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

Canonical to roll out independent Ubuntu Certified Professional certification for Ubuntu 10.04 LTS

Thu, 04/22/2010 - 11:12

New Long Term Support release gets 100% Ubuntu-focused training and exam from project sponsor


USN-929-2: irssi regression

Tue, 04/20/2010 - 12:37
Description:

===========================================================
Ubuntu Security Notice USN-929-2 April 20, 2010
irssi regression
https://launchpad.net/bugs/565182
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  irssi 0.8.12-3ubuntu3.3

Ubuntu 8.10:
  irssi 0.8.12-4ubuntu2.3

Ubuntu 9.04:
  irssi 0.8.12-6ubuntu1.3

Ubuntu 9.10:
  irssi 0.8.14-1ubuntu1.2

After a standard system upgrade you need to restart irssi to effect the necessary changes.

Details follow:

USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2010-1155)

Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. (CVE-2010-1156)

This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.

USN-932-1: KDM vulnerability

Mon, 04/19/2010 - 18:17
Referenced CVEs: CVE-2010-0436

Description:

===========================================================
Ubuntu Security Notice USN-932-1 April 19, 2010
kdebase-workspace vulnerability
CVE-2010-0436
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  kdm 4:4.1.4-0ubuntu1~intrepid3.2

Ubuntu 9.04:
  kdm 4:4.2.2-0ubuntu2.1

Ubuntu 9.10:
  kdm 4:4.3.2-0ubuntu7.2

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

Sebastian Krahmer discovered a race condition in the KDE Display Manager (KDM). A local attacker could exploit this to change the permissions on arbitrary files, thus allowing privilege escalation.

USN-931-1: FFmpeg vulnerabilities

Mon, 04/19/2010 - 13:36
Referenced CVEs: CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4637, CVE-2009-4639, CVE-2009-4640

Description:

===========================================================
Ubuntu Security Notice USN-931-1 April 19, 2010
ffmpeg, ffmpeg-debian vulnerabilities
CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4637, CVE-2009-4639, CVE-2009-4640
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libavcodec1d 3:0.cvs20070307-5ubuntu7.4
  libavformat1d 3:0.cvs20070307-5ubuntu7.4

Ubuntu 8.10:
  libavcodec51 3:0.svn20080206-12ubuntu3.2
  libavformat52 3:0.svn20080206-12ubuntu3.2

Ubuntu 9.04:
  libavcodec52 3:0.svn20090303-1ubuntu6.1
  libavformat52 3:0.svn20090303-1ubuntu6.1

Ubuntu 9.10:
  libavcodec52 4:0.5+svn20090706-2ubuntu2.1
  libavformat52 4:0.5+svn20090706-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
