[ubuntu-cloud-announce] Refreshed UEC Images of 10.04 LTS (Lucid Lynx) [20110930]
Ben Howard
ben.howard at canonical.com
Mon Oct 3 23:00:21 UTC 2011
A new release of the Ubuntu Enterprise Cloud Images for stable Ubuntu
release 10.04 LTS (Lucid Lynx) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
'apt-get update && apt-get distupgrade && reboot'.
Notable updates:
* linux-virtual and linux-ec2 2.6.32-317.36 has been release [2,3]
fixing numerous
CVES [5]
* dbus: denial of service via messages with non-native byte order
(CVE-2011-2200)
* ca-certificates: Blacklist "DigiNotar Root CA" due to fraudulent
certificate
issuance (LP: #837557)
* apt: Disable apt-key net-update for now, as validation code is
insecure. (LP: #856489)
* logrotate
- arbitrary code execution via shell metacharacters in log filename
(CVE-2011-1154)
- denial of service via invalid characters in log filename
(CVE-2011-1155)
Packages updated:
* apt 0.7.25.3ubuntu9.7
* ca-certificates 20090814ubuntu0.10.04.1
* dbus 1.2.16-2ubuntu4.3
* dhcp3 3.1.3-2ubuntu3.3
* landscape-client 11.07.1.1-0ubuntu0.10.04.0
* libpng 1.2.42-1ubuntu2.2
* linux 2.6.32-34.77
* linux-ec2 2.6.32-318.38
* linux-meta 2.6.32.34.40
* linux-meta-ec2 2.6.32.318.19
* logrotate 3.7.8-4ubuntu2.2
* parted 2.2-5ubuntu5.2
* python-apt 0.7.94.2ubuntu6.4
* smart 1.2-5ubuntu0.2
* tzdata 2011j-0ubuntu0.10.04
Please see the full change logs for a complete listing of changes.
--
[1] http://uec-images.ubuntu.com/server/releases/lucid/release-20110930
<http://www.google.com/url?sa=D&q=http://uec-images.ubuntu.com/server/releases/lucid/release-20110719/&usg=AFQjCNEbMq_0T3zlXF1Y0tHzTByb9v5SrQ>
[2] http://uec-images.ubuntu.com/server/releases/lucid/release-20110719
<http://www.google.com/url?sa=D&q=http://uec-images.ubuntu.com/server/releases/lucid/release-20110719/&usg=AFQjCNEbMq_0T3zlXF1Y0tHzTByb9v5SrQ>
[3] https://launchpad.net/ubuntu/+source/linux-ec2
<http://www.google.com/url?sa=D&q=https://launchpad.net/ubuntu/%2Bsource/linux-ec2&usg=AFQjCNEimF76oLRpYl178YfN8-5QvFnEWA>
[4] https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-318.37
<http://www.google.com/url?sa=D&q=https://launchpad.net/ubuntu/%2Bsource/linux-ec2/2.6.32-317.36&usg=AFQjCNEp5Qcr1xVNg_JvFeqjQEGk1s5ndQ>
[5] Kernel CVE References:
https://bugs.launchpad.net/bugs/cve/2010-4076
https://bugs.launchpad.net/bugs/cve/2010-4077
https://bugs.launchpad.net/bugs/cve/2010-4251
https://bugs.launchpad.net/bugs/cve/2010-4805
https://bugs.launchpad.net/bugs/cve/2010-1020
https://bugs.launchpad.net/bugs/cve/2010-1493
https://bugs.launchpad.net/bugs/cve/2010-1577
https://bugs.launchpad.net/bugs/cve/2010-2484
https://bugs.launchpad.net/bugs/cve/2010-2492
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20111003/11fc5455/attachment.pgp>
More information about the Ubuntu-cloud-announce
mailing list