[ubuntu-cloud-announce] [ec2ubuntu] Refreshed Cloud Images of 10.10 (Maverick Meerkat) [20111001]

Ben Howard ben.howard at canonical.com
Wed Oct 5 02:26:08 UTC 2011


CORRECTION:

I incorrectly stated that 10.10 is a LTS release. 10.10 is NOT an LTS
release and is a normal stable release.

The opening paragraph should have read: "A new release of the Ubuntu
Enterprise Cloud Images for stable Ubuntu release 10.10 LTS (Maverick
Meerkat) is available at [1]. These new images superseded the existing
images [2]. "

My apologies for any confusion this may have caused.

To prevent this from happening again, I have adjusted my template
accordingly.

~Ben

On 10/04/2011 12:52 PM, Ben Howard wrote:
> A new release of the Ubuntu Enterprise Cloud Images for stable Ubuntu
> release 10.10 LTS (Maverick Meerkat) is available at [1]. These new images
> superseded the existing images [2]. Images are available for download or
> immediate use on EC2 via publish AMI ids. Users who wish to update their
> existing installations can do so with:
>       'apt-get update && apt-get distupgrade && reboot'.
>
> Please note that the abbreviation "uec" has been replaced with
> "cloudimg" in file names
> for downloadable images.
>
> Notable package updates:
>  * linux-meta update to 2.6.35.30.38 [3,4] with numerous CVE fixes [5]
>  * ca-certificates: blacklist "DigiNotar Root CA" due to fraudulent
> certificate
>     issuance (LP: #837557)
>  * krb5
>     - kadmind denial of service from freeing of uninitialized pointer.
> (CVE-2011-0285)
>     - kdc denial of service due to double-free if PKINIT capability is
> used. (CVE-2011-0284)
>     - kpropd denial of service via invalid network input (CVE-2010-4022)
>     - kdc denial of service from unauthenticated remote attackers
> (CVE-2011-0281, CVE-2011-0282)
>  * sudo: privilege escalation via -g when using group Runas_List.
> (CVE-2011-0010)
>  * rsync:  denial of service and possible arbitrary code execution via
> malformed data (CVE-2011-1097)
>  * perl:
>     - multiple intended restriction bypasses in Safe.pm. (CVE-2010-1168,
> CVE-2010-1447)
>     - multiple issues in CGI.pm: hardcoded MIME boundary, and CRLF
> injections. (CVE-2010-2716,
>             CVE-2010-4410, CVE-2010-4411)
>     - taint protection bypass via missing taint attributes. (CVE-2011-1487)
>   * bind9:
>     - denial of service via specially crafted packet. (CVE-2011-2464)
>     - denial of service via off-by-one. (CVE-2011-1910)
>     - denial of service via IXFR or DDNS update. (CVE-2011-0414)
>   * pam:
>     - multiple issues with lack of adequate privilege dropping.
> (CVE-2010-3316, CVE-2010-3430,
>             CVE-2010-3431, CVE-2010-3435, CVE-2010-4706, CVE-2010-4707)
>     - privilege escalation via incorrect environment. (CVE-2010-3853)
>   * fuse:
>     - arbitrary unprivileged unmount. (CVE-2011-0541, CVE-2011-0542,
> CVE-2011-0543)
>     - arbitrary unprivileged unmount. (CVE-2010-3879)
>   * util-linux: arbitrary unmount with fuse. (CVE-2010-3879)
>   * dpkg: relative directory and symlink following in source pkgs
> (CVE-2010-1679)
>   * dbus
>     - denial of service via messages with non-native byte order.
> (CVE-2011-2200)
>     - fix DoS with too deeply nested messages. (CVE-2010-4352, LP: #688992)
>
> The following packages have been updated. Please see the full changelogs
> for a complete listing of changes.
>
>   * apparmor: 2.5.1-0ubuntu0.10.10.4
>   * apport: 1.14.1-0ubuntu8.1
>   * apt: 0.8.3ubuntu7.2
>   * bash-completion: 1:1.2-2ubuntu1.1
>   * bind9: 1:9.7.1.dfsg.P2-2ubuntu0.4
>   * ca-certificates: 20090814ubuntu0.10.10.1
>   * curl: 7.21.0-1ubuntu1.1
>   * dbus: 1.4.0-0ubuntu1.3
>   * dhcp3: 3.1.3-2ubuntu6.3
>   * dpkg: 1.15.8.4ubuntu3.1
>   * eglibc: 2.12.1-0ubuntu10.2
>   * euca2ools: 1.2-0ubuntu11.1
>   * freetype: 2.4.2-2ubuntu0.2
>   * fuse: 2.8.4-1ubuntu1.3
>   * glib2.0: 2.26.1-0ubuntu1
>   * grub2: 1.98+20100804-5ubuntu3.3
>   * ifupdown: 0.6.10ubuntu3.1
>   * initramfs-tools: 0.98.1ubuntu6.1
>   * krb5: 1.8.1+dfsg-5ubuntu0.7
>   * landscape-client: 11.07.1.1-0ubuntu0.10.10.0
>   * language-selector: 0.6.8
>   * libpng: 1.2.44-1ubuntu0.1
>   * libxml2: 2.7.7.dfsg-4ubuntu0.2
>   * linux: 2.6.35-30.59
>   * linux-firmware: 1.38.6
>   * linux-meta: 2.6.35.30.38
>   * logrotate: 3.7.8-6ubuntu1.1
>   * ntp: 1:4.2.4p8+dfsg-1ubuntu6.1
>   * openldap: 2.4.23-0ubuntu3.5
>   * openssh: 1:5.5p1-4ubuntu6
>   * openssl: 0.9.8o-1ubuntu4.4
>   * pam: 1.1.1-4ubuntu2.3
>   * parted: 2.3-2ubuntu2
>   * pcsc-lite: 1.5.5-3ubuntu2.1
>   * perl: 5.10.1-12ubuntu2.1
>   * pm-utils: 1.4.1-3ubuntu1
>   * policykit-1: 0.96-2ubuntu1.1
>   * python-apt: 0.7.96.1ubuntu11.2
>   * rsync: 3.0.7-2ubuntu1.1
>   * shadow: 1:4.1.4.2-1ubuntu3.2
>   * smart: 1.3-1ubuntu0.2
>   * sqlite3: 3.7.2-1ubuntu0.1
>   * sudo: 1.7.2p7-1ubuntu2.1
>   * sysvinit: 2.87dsf-4ubuntu19.1
>   * tar: 1.23-2ubuntu2
>   * tzdata: 2011j-0ubuntu0.10.10
>   * update-manager: 1:0.142.23
>   * upstart: 0.6.6-4
>   * util-linux: 2.17.2-0ubuntu1.10.10.2
>   * w3m: 0.5.2-6ubuntu1
>   * xkeyboard-config: 1.8-1ubuntu8.1~10.10.1
>
>
> --
>
> [1] http://uec-images.ubuntu.com/server/releases/maverick/release-20111001/
> [2] http://uec-images.ubuntu.com/server/releases/maverick/release-20101225/
> [3] https://launchpad.net/ubuntu/+source/linux-meta
> [4] https://launchpad.net/ubuntu/+source/linux-meta/2.6.35.30.38
>

-- 


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20111004/56f12e32/attachment.pgp>


More information about the Ubuntu-cloud-announce mailing list