[ubuntu-cloud-announce] Refreshed Cloud Images of 11.10 (Oneiric Ocelot) [20120403]
Ben Howard
ben.howard at canonical.com
Tue Apr 3 21:15:32 UTC 2012
A new release of the Ubuntu Cloud Images for stable Ubuntu
release 11.10 (Oneiric Ocelot) is available at [1]. These new images
supersede the existing images [2]. Images are available for download or
immediate use on EC2 via published AMI IDs. Users who wish to update their
existing installations can do so with:
'apt-get update && apt-get dist-upgrade && reboot'.
The following packages have been updated. Please see the full changelogs
for a complete listing of changes.
- apt: 0.8.16~exp5ubuntu13 => 0.8.16~exp5ubuntu13.2
- cloud-init: 0.6.1-0ubuntu22 => 0.6.1-0ubuntu22.1
- distribute: 0.6.16-1 => 0.6.16-1ubuntu0.1
- eglibc: 2.13-20ubuntu5 => 2.13-20ubuntu5.1
- freetype: 2.4.4-2ubuntu1.1 => 2.4.4-2ubuntu1.2
- gzip: 1.3.12-9ubuntu1.1 => 1.3.12-9ubuntu1.2
- libpng: 1.2.46-3ubuntu1.1 => 1.2.46-3ubuntu1.2
- libxml2: 2.7.8.dfsg-4ubuntu0.1 => 2.7.8.dfsg-4ubuntu0.2
- linux: 3.0.0-16.28 => 3.0.0-17.30
- linux-meta: 3.0.0.16.19 => 3.0.0.17.20
- lxc: 0.7.5-0ubuntu8.3 => 0.7.5-0ubuntu8.5
- python-httplib2: 0.7.1-1ubuntu1 => 0.7.2-1ubuntu2~0.11.10.1
- python-pam: 0.4.2-12.2ubuntu2 => 0.4.2-12.2ubuntu2.11.10.1
- tzdata: 2011n-0ubuntu0.11.10 => 2012b-0ubuntu0.11.10
- udev: 173-0ubuntu4.1 => 173-0ubuntu4.2
Kernel Update: linux-image has been updated to 3.0.0-17.30 [3].
CVE Updates:
* apt
- apt apt-utils libapt-pkg4.11 libapt-inst1.3 apt-transport-https
trust bypass via stale InRelease file (LP: #947108)
CVE-2012-0214
* eglibc
- timezone header parsing integer overflow (LP: #906961)
CVE-2009-5029
- ld.so insecure handling of privileged programs
CVE-2011-1658
- DoS in RPC implementation (LP: #901716)
CVE-2011-4609
- vfprintf nargs overflow leading to FORTIFY
CVE-2012-0864
* libpng: libpng12-0
- denial of service and possible code execution via incorrect type.
CVE-2011-3045
* libxml2:
- add randomization to dictionaries with hash tables
CVE-2012-0841
* freetype:
- Denial of service via crafted BDF font:
CVE-2012-1126, CVE-2012-1127, CVE-2012-1136,
CVE-2012-1133, CVE-2012-1137, CVE-2012-1139,
CVE-2012-1141
- Denial of service via crafted TrueType font:
CVE-2012-1128, CVE-2012-1131, CVE-2012-1135,
CVE-2012-1138, CVE-2012-1144
- Denial of service via crafted Type42 font
CVE-2012-1129
- Denial of service via crafted PCF font
CVE-2012-1130
- Denial of service via crafted Type1 font:
CVE-2012-1132, CVE-2012-1134
- Denial of service via crafted PostScript font
CVE-2012-1140
- Denial of service via crafted Windows FNT/FON font
CVE-2012-1142
- Denial of service via crafted font
CVE-2012-1143
* python-pam
- possible code execution via double-free (LP: #949218)
CVE-2012-1502
--
[1] http://cloud-images-images.ubuntu.com/server/releases/oneiric/release-20120403
[2] http://cloud-images-images.ubuntu.com/server/releases/oneiric/release-20120222
[3] https://launchpad.net/ubuntu/+source/linux/3.0.0-17.30
--
Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866