Ubuntu Security Notice USN-682-1 - It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
6a829afc627e391e4662d6ed1b4d39f7bc2ca2ec7ec73fc8ea22755542bf2325
Ubuntu Security Notice 1466-2 - USN 1466-1 fixed a vulnerability in Nova. The upstream patch introduced a regression when a security group granted full access and therefore the network protocol was left unset, causing an error in processing. This update fixes the issue. Various other issues were also addressed.
5ba7f801cc2b55389b0f97d9acd045ded22ab0d3710b40c08a2926988c09156d
Ubuntu Security Notice 1474-1 - A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Various other issues were also addressed.
2d5343fc89a692c19ed11b334ba4b0df5a097846854827f35c28ae14164dbb27
Ubuntu Security Notice 1473-1 - A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Various other issues were also addressed.
81d3a2a077480cf1117a02dfa200875f7fded1ed31d2e392913b7e65247c5b87
Ubuntu Security Notice 1430-4 - USN-1430-1 fixed vulnerabilities in Firefox and USN-1430-3 fixed vulnerabilities in Thunderbird. This update provides an AppArmor package with updated abstractions for use with the latest Firefox and Thunderbird.
dbea9e52415098801af93f8a9e28d2434f2c7aa2c34fdda62b6376224ac95d97
Ubuntu Security Notice 1472-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Various other issues were also addressed.
f6b10b2fbdb528f442cb96e52f6df2940c5be1eeabed260818c6143b69ef8d30
Ubuntu Security Notice 1470-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Various other issues were also addressed.
fe6b359af2c687cda0fce023e8e9c9304bee201b1d57cb22fcf7188bb397c2c7
Ubuntu Security Notice 1469-1 - Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges.
594c21c635dff165aefb36fc8efba145dfcd42d2ae004ea438cd34b005a18297
Ubuntu Security Notice 1471-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges. Various other issues were also addressed.
5da40a81e209efaa88fb4ba0a92153988d80335c08397b33d2a9d2f74e48edc2
Ubuntu Security Notice 1468-1 - Schacher Raindel discovered a flaw in the Linux kernel's memory handling when hugetlb is enabled. An unprivileged local attacker could exploit this flaw to cause a denial of service and potentially gain higher privileges.
49d840b9c333e32a3a4e88769bed1c994080b9a7bbf9e703ef7f042c9886d84b
Ubuntu Security Notice 1467-1 - It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10 have been updated to MySQL 5.1.63. A patch to fix the issue was backported to the version of MySQL in Ubuntu 8.04 LTS. Various other issues were also addressed.
52928dd0c621971574807252ccbdfb1af768836701965a6ed9bfbf0a6c13a411
Ubuntu Security Notice 1466-1 - It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol (e.g. 'TCP') in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions.
aaa802033fd02ad4127bca32ff6245611c268e7f7d2b90b51e38b75b80cefe1e
Ubuntu Security Notice 1465-3 - USN-1465-1 fixed vulnerabilities in Ubuntu One Client. The update failed to install on certain Ubuntu 10.04 LTS systems that had a legacy Python 2.5 package installed. This update fixes the problem. It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Various other issues were also addressed.
5c0afee4c4cf6f20c5072c02b401c558c85c7f6589dbc77daf0c51474d1c8b8f
Ubuntu Security Notice 1463-1 - Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
a1ddfa9c7fec8efed51fe4b27376372c6d46f9f58545ac36826bbc207ecd680e
Ubuntu Security Notice 1464-1 - It was discovered that the Ubuntu Single Sign On Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
289394b386becc411d1da7e03909df1856271f711709c51b346d29cd31c165ae
Ubuntu Security Notice 1465-1 - It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
4043575a28f3151a2c63c3f93da7f4ede5fdb9d43fbcd6804a4bde82d888ea74
Ubuntu Security Notice 1465-2 - USN-1465-1 fixed a vulnerability in the Ubuntu One Client. This update adds a required fix to the Ubuntu One storage protocol library. It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Various other issues were also addressed.
bfc4b1a4f40b1086e4a2f1209aef6c19231f1edd3f5e17263857e268a19058a8
Ubuntu Security Notice 1462-1 - Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked.
fbb84f8a8376f523eed4e2f4816747ef3238b74da3cc1ad2b4f06e1fc32b80b8
Ubuntu Security Notice 1461-1 - It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could use this flaw to cause PostgreSQL to crash, leading to a denial of service. Various other issues were also addressed.
d480f4d0c7f143e0107319fc134d8cf735ea4e8f2d1e69b46c520248589c93c4
Ubuntu Security Notice 1443-2 - USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed.
ca40d4ffaa1111eb7d818c773ab0a8c8febe32747e3c27eb46c7448579d6d480
Ubuntu Security Notice 1460-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
5eed4e806cfbd1046a574babd6b104c4b5b1de172cca928a8a7b6e71e6fdff02
Ubuntu Security Notice 1459-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
f8953400254cf2783ba9b51d78b1cd00882b5fa235d26b059d3de43dfc27c4ad
Ubuntu Security Notice 1458-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system. Various other issues were also addressed.
351dbb8a5b12503c42271509730cb86bad79aba2f4a02c0d7863862d1499e767
Ubuntu Security Notice 1456-1 - Sebastian Pohle discovered that Nut did not properly validate its input when receiving data over the network. If upsd was configured to allow connections over the network, a remote attacker could exploit this to cause a denial of service (application crash).
91052e6c1a5d4aac3c32ed0275f0fd401d0df77fe0140283ea7d0f16a3827acc
Ubuntu Security Notice 1457-1 - Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Various other issues were also addressed.
649c25f1d00b47ba22234b57faaf20821809ce2e942e784a0f40d1efe1ac41dc
Ubuntu Security Notice 1455-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
4e7432dce8d4f2ad8388c5b054076886347d78c776785629fe7f4b62a2fe83b8