[ubuntu-cloud-announce] Refreshed Cloud Images of 11.10 (Oneiric Ocelot) [20120222]
Ben Howard
ben.howard at canonical.com
Thu Feb 23 00:42:43 UTC 2012
A new release of the Ubuntu Cloud Images for stable Ubuntu
release 11.10 (Oneiric Ocelot) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
'apt-get update && apt-get distupgrade && reboot'.
The linux-image package was updated to 3.0.0-16-virtual [3] and the
linux-meta
package was updated to 3.0.0.16.19 [4].
CVE Updates:
* accountsservice:
- file permissions bypass (CVE-2011-4406)
* curl:
- reject URLs with embedded control codes (CVE-2012-0036)
* libpng:
- adjust pngrutil.c to verify size when allocating memory in
png_decompress_chunk() (CVE-2011-3026)
* libxml2:
- fix off-by-one leading to denial of service (CVE-2011-0216)
- fix double free in XPath evaluation (CVE-2011-2821)
- fix double free in XPath evaluation (CVE-2011-2834)
- fix out of bounds read (CVE-2011-3905)
- fix heap overflow (CVE-2011-3919)
* openssl:
- perform all computations before discarding messages (CVE-2011-4108)
- SSL 3.0 block padding exposure (CVE-2011-4576)
- malformed RFC 3779 data denial of service attack (CVE-2011-4577)
- Server Gated Cryptography (SGC) denial of service (CVE-2011-4619)
- GOST block cipher denial of service (CVE-2012-0027)
- improve handling of DTLS MAC (CVE-2012-0050)
* software-properties:
- incorrect ssl certificate validation (CVE-2011-4407)
The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
* accountsservice: 0.6.14-1git1ubuntu1 => 0.6.14-1git1ubuntu1.1
* curl: 7.21.6-3ubuntu3 => 7.21.6-3ubuntu3.2
* ifupdown: 0.7~alpha5.1ubuntu5 => 0.7~alpha5.1ubuntu5.1
* language-selector: 0.56 => 0.56.1
* libpng: 1.2.46-3ubuntu1 => 1.2.46-3ubuntu1.1
* libxml2: 2.7.8.dfsg-4 => 2.7.8.dfsg-4ubuntu0.1
* linux: 3.0.0-14.23 => 3.0.0-16.28
* linux-meta: 3.0.0.14.16 => 3.0.0.16.19
* openssl: 1.0.0e-2ubuntu4 => 1.0.0e-2ubuntu4.2
* python-launchpadlib: 1.9.8-2 => 1.9.8-2ubuntu0.1
* software-properties: 0.81.13.1 => 0.81.13.3
* udev: 1:173-0ubuntu4 => 1:173-0ubuntu4.1
* update-manager: 1:0.152.25.5 => 1:0.152.25.8
--
[1] http://cloud-images.ubuntu.com/releases/oneiric/release-20120222/
[2] http://cloud-images.ubuntu.com/releases/oneiric/release-20120108/
[3] https://launchpad.net/ubuntu/oneiric/+source/linux/3.0.0-16.29
[4] https://launchpad.net/ubuntu/+source/linux-meta/3.0.0.16.19
--
Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20120222/27424f7a/attachment.pgp>
More information about the Ubuntu-cloud-announce
mailing list