[ubuntu-cloud-announce] Refreshed Cloud Images of Ubuntu Server 8.04 (Hardy Heron) [20120405]

Ben Howard ben.howard at canonical.com
Fri Apr 6 22:16:30 UTC 2012


A new release of the Ubuntu Cloud Images for stable Ubuntu release
8.04 LTS (Hardy Heron) is available at [1].  Images are available for
download or immediate use on EC2 via published AMI ids. Users who
wish to update their existing installations can do so with:
   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

linux-image has been updated to 2.6.24-31.100 [3].

In order to support the new S3-backed mirrors, these images have an
updated apt configuration that is not managed by any package. All
EC2 Cloud Image users should run the following command on their
existing Ubuntu 8.04 LTS (Hardy Heron) AMIs:

    $ echo 'Acquire::http::Pipeline-Depth "0";' |
      sudo tee /etc/apt/apt.conf.d/99-no-pipelining

See [4] for more information.
        

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 - apt: 0.7.9ubuntu17.3 => 0.7.9ubuntu17.4
 - bind9: 1:9.4.2.dfsg.P2-2ubuntu0.8 => 1:9.4.2.dfsg.P2-2ubuntu0.9
 - bzip2: 1.0.4-2ubuntu4.1 => 1.0.4-2ubuntu4.2
 - glibc: 2.7-10ubuntu8 => 2.7-10ubuntu8.1
 - linux: 2.6.24-29.93 => 2.6.24-31.100
 - linux-meta: 2.6.24.29.31 => 2.6.24.31.33
 - linux-restricted-modules-2.6.24: 2.6.24.18-29.9 => 2.6.24.18-31.12
 - openssl: 0.9.8g-4ubuntu3.13 => 0.9.8g-4ubuntu3.15
 - pam: 0.99.7.1-5ubuntu6.4 => 0.99.7.1-5ubuntu6.5
 - python-apt: 0.7.4ubuntu7.5 => 0.7.4ubuntu7.7
 - tzdata: 2011j~repack-0ubuntu0.8.04 => 2012b~repack-0ubuntu0.8.04
 - update-manager: 1:0.87.31 => 1:0.87.33

New Packages:
  - linux-restricted-modules-2.6.24-31-xen
  - linux-ubuntu-modules-2.6.24-31-xen

CVE Updates:
 * bind9
   - denial of service via specially crafted packet
       CVE-2011-4313
 * bzip2
   - Fix temporary file creation race condition
       CVE-2011-4089
 * glibc: 2.7-10ubuntu8 => 2.7-10ubuntu8.1
   - timezone header parsing integer overflow (LP: #906961)
       CVE-2009-5029
   - remove encrypted passwords from passwd entries, and add them
     in shadow entries and fix incorrect password overwriting
       CVE-2010-0015
   - memory consumption denial of service in fnmatch
       CVE-2011-1071
   - /etc/mtab corruption denial of service
       CVE-2011-1089
   - insufficient locale environment sanitization
       CVE-2011-1095
   - ld.so insecure handling of privileged programs' RPATHs with $ORIGIN
       CVE-2011-1658
   - fnmatch integer overflow
       CVE-2011-1659
   - signedness bug in memcpy_ssse3
       CVE-2011-2702
   - DoS in RPC implementation (LP: #901716)
       CVE-2011-4609
   - vfprintf nargs overflow leading to FORTIFY check bypass
       CVE-2012-0864
 * openssl
   - ECDSA private key timing attack
       CVE-2011-1945
   - ECDH ciphersuite denial of service
       CVE-2011-3210
   - DTLS plaintext recovery attack (LP: #922229)
       CVE-2011-4108
   - policy check double free vulnerability
       CVE-2011-4019
   - incorrect elliptic curve computation TLS key exposure
       CVE-2011-4354
   - SSL 3.0 block padding exposure
       CVE-2011-4576
   - malformed RFC 3779 data denial of service attack
       CVE-2011-4577
   - Server Gated Cryptography (SGC) denial of service
       CVE-2011-4619
   - fix for CVE-2011-4108 denial of service attack
       CVE-2012-0050
 * pam
   - possible code execution via incorrect environment file
       CVE-2011-3148
   - denial of service via overflowed environment variable
       CVE-2011-3149
 * update-manager
   - arbitrary code execution via directory traversal
       CVE-2011-3152
   - information leak via insecure temp file (LP: #881541)
       CVE-2011-3154

--

[1] http://cloud-images-images.ubuntu.com/server/releases/hardy/release-20120405/
[2] http://cloud-images-images.ubuntu.com/server/releases/hardy/release-20111003/
[3] https://launchpad.net/ubuntu/+source/linux/2.6.24-31.100
[4] https://lists.ubuntu.com/archives/ubuntu-cloud/2012-April/000752.html

-- 


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866
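
Added example, not part of the original announcement or of Canonical's tooling: a Python check that flags installed packages older than the fixed versions listed above, using Debian version ordering (epoch, `~`, revision). The `FIXED` table, the function names and the sample `dpkg-query` output are constructed for illustration; on a real host `dpkg --compare-versions` is the authoritative comparison.

```python
import re

# Fixed versions from the announcement's package list. Only names that are
# also binary package names are listed; source names such as glibc or pam
# would first need mapping to their binary packages (not done here).
FIXED = {
    "apt": "0.7.9ubuntu17.4",
    "bind9": "1:9.4.2.dfsg.P2-2ubuntu0.9",
    "openssl": "0.9.8g-4ubuntu3.15",
    "tzdata": "2012b~repack-0ubuntu0.8.04",
    "update-manager": "1:0.87.33",
}

def _order(ch):
    # Debian ordering: '~' sorts before end of string (0), letters before symbols.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    # Split into alternating text/number runs. Each text run is 0-terminated,
    # and an empty run is appended, so shorter strings compare like dpkg does.
    runs = re.findall(r"(\D*)(\d*)", part) + [("", "")]
    return [([_order(c) for c in text] + [0], int(num or 0)) for text, num in runs]

def deb_key(version):
    # [epoch:]upstream[-revision]; the revision starts at the last hyphen.
    epoch, upstream, rev = re.match(r"(?:(\d+):)?(.+?)(?:-([^-]*))?$", version).groups()
    return int(epoch or 0), _part_key(upstream), _part_key(rev or "")

def outdated(dpkg_output, fixed=FIXED):
    # Return {package: installed version} for packages older than the fixed one.
    stale = {}
    for line in dpkg_output.splitlines():
        name, _, version = line.strip().partition(" ")
        if name in fixed and version and deb_key(version) < deb_key(fixed[name]):
            stale[name] = version
    return stale

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """\
apt 0.7.9ubuntu17.4
bind9 1:9.4.2.dfsg.P2-2ubuntu0.8
openssl 0.9.8g-4ubuntu3.13
tzdata 2012b~repack-0ubuntu0.8.04
update-manager 1:0.87.31
"""

if __name__ == "__main__":
    for pkg, ver in sorted(outdated(SAMPLE).items()):
        print(f"{pkg}: {ver} is older than {FIXED[pkg]}")
```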



