[ubuntu-cloud-announce] Refreshed Cloud Images of 10.04 LTS (Lucid Lynx) [2011]
Ben Howard
ben.howard at canonical.com
Tue Apr 3 21:15:12 UTC 2012
A new release of the Ubuntu Cloud Images for stable Ubuntu
release 10.04 LTS (Lucid Lynx) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
'apt-get update && apt-get distupgrade && reboot'.
The Linux kernel has been updated to 2.6.32-344.46 [3] and
linux-meta-ec2 has been updated to 2.6.32.344.25.
The following packages have been updated. Please see the full changelogs
for a complete listing of changes
- apt: 0.7.25.3ubuntu9.10 => 0.7.25.3ubuntu9.11
- cloud-init: 0.5.10-0ubuntu1.5 => 0.5.10-0ubuntu1.7
- consolekit: 0.4.1-3ubuntu2 => 0.4.1-3ubuntu3
- cron: 3.0pl1-106ubuntu5 => 3.0pl1-106ubuntu6
- eglibc: 2.11.1-0ubuntu7.8 => 2.11.1-0ubuntu7.10
- freetype: 2.3.11-1ubuntu2.5 => 2.3.11-1ubuntu2.6
- gcc-4.4: 1:4.4.3-4ubuntu5 => 1:4.4.3-4ubuntu5.1
- lazr.restfulclient: 0.9.11-1ubuntu1.2 => 0.9.11-1ubuntu1.3
- libpng: 1.2.42-1ubuntu2.3 => 1.2.42-1ubuntu2.4
- libxml2: 2.7.6.dfsg-1ubuntu1.3 => 2.7.6.dfsg-1ubuntu1.4
- linux: 2.6.32-38.83 => 2.6.32-40.87
- linux-ec2: 2.6.32-342.43 => 2.6.32-344.46
- linux-meta: 2.6.32.38.44 => 2.6.32.40.47
- linux-meta-ec2: 2.6.32.342.23 => 2.6.32.344.25
- procps: 1:3.2.8-1ubuntu4 => 1:3.2.8-1ubuntu4.2
- python-httplib2: 0.6.0-1 => 0.7.2-1ubuntu2~0.10.04.1
- python-pam: 0.4.2-12.1ubuntu1 => 0.4.2-12.1ubuntu1.10.04.1
- python-wadllib: 1.1.4-1ubuntu1 => 1.1.4-1ubuntu1.1
- tzdata: 2011n-0ubuntu0.10.04 => 2012b-0ubuntu0.10.04
- update-manager: 1:0.134.11.2 => 1:0.134.12.1
CVE Updates:
* eglibc
- timezone header parsing integer overflow (LP: #906961)
CVE-2009-5029
- memory consumption denial of service in fnmatch
CVE-2011-1071
- /etc/mtab corruption denial of service
CVE-2011-1089
- insufficient locale environment sanitization
CVE-2011-1095
- ld.so insecure handling of privileged programs'
RPATHs with $ORIGIN
CVE-2011-1658
- fnmatch integer overflow
CVE-2011-1659
- signedness bug in memcpy_ssse3
CVE-2011-2702
- DoS in RPC implementation (LP: #901716)
CVE-2011-4609
- vfprintf nargs overflow leading to FORTIFY
check bypass
CVE-2012-0864
* freetype
- Denial of service via crafted BDF font:
CVE-2012-1126, CVE-2012-1127, CVE-2012-1136,
CVE-2012-1133, CVE-2012-1137, CVE-2012-1139,
CVE-2012-1141
- Denial of service via crafted TrueType font:
CVE-2012-1128, CVE-2012-1131, CVE-2012-1135,
CVE-2012-1138, CVE-2012-1144
- Denial of service via crafted Type42 font
CVE-2012-1129
- Denial of service via crafted PCF font
CVE-2012-1130
- Denial of service via crafted Type1 font:
CVE-2012-1132, CVE-2012-1134
- Denial of service via crafted PostScript font
CVE-2012-1140
- Denial of service via crafted Windows FNT/FON font
CVE-2012-1142
- Denial of service via crafted font
CVE-2012-1143
* libpng
- denial of service and possible code execution via
incorrect type.
CVE-2011-3045
* libxml2
- add randomization to dictionaries with hash tables
help prevent denial of service via hash algorithm collision
CVE-2012-0841
* python-pam
- possible code execution via double-free (LP: #949218)
CVE-2012-1502
--
[1] http://cloud-images.ubuntu.com/releases/lucid/release-20120403/
[2] http://cloud-images-archive.ubuntu.com/releases/lucid/release-20120221/
[3] https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-344.46
[4] https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-
--
Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20120403/66160cf4/attachment.pgp>
More information about the Ubuntu-cloud-announce
mailing list