[ubuntu-cloud-announce] Refreshed Cloud Images of 11.10 (Oneiric Ocelot) [20120222]

Ben Howard ben.howard at canonical.com
Thu Feb 23 00:42:43 UTC 2012 

A new release of the Ubuntu Cloud Images for stable Ubuntu
release 11.10 (Oneiric Ocelot) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
   'apt-get update && apt-get distupgrade && reboot'.

The linux-image package was updated to 3.0.0-16-virtual [3] and the
linux-meta
package was updated to 3.0.0.16.19 [4].

CVE Updates:

  * accountsservice:
         - file permissions bypass (CVE-2011-4406)
  * curl:
    - reject URLs with embedded control codes (CVE-2012-0036)
  * libpng:
    - adjust pngrutil.c to verify size when allocating memory in
        png_decompress_chunk() (CVE-2011-3026)
  * libxml2:
    - fix off-by-one leading to denial of service (CVE-2011-0216)
    - fix double free in XPath evaluation (CVE-2011-2821)
    - fix double free in XPath evaluation (CVE-2011-2834)
    - fix out of bounds read (CVE-2011-3905)
    - fix heap overflow (CVE-2011-3919)
  * openssl:
    - perform all computations before discarding messages (CVE-2011-4108)
    - SSL 3.0 block padding exposure (CVE-2011-4576)
    - malformed RFC 3779 data denial of service attack (CVE-2011-4577)
    - Server Gated Cryptography (SGC) denial of service (CVE-2011-4619)
    - GOST block cipher denial of service (CVE-2012-0027)
    - improve handling of DTLS MAC (CVE-2012-0050)
  * software-properties:
    - incorrect ssl certificate validation (CVE-2011-4407)
 

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
  * accountsservice: 0.6.14-1git1ubuntu1 => 0.6.14-1git1ubuntu1.1
  * curl: 7.21.6-3ubuntu3 => 7.21.6-3ubuntu3.2
  * ifupdown: 0.7~alpha5.1ubuntu5 => 0.7~alpha5.1ubuntu5.1
  * language-selector: 0.56 => 0.56.1
  * libpng: 1.2.46-3ubuntu1 => 1.2.46-3ubuntu1.1
  * libxml2: 2.7.8.dfsg-4 => 2.7.8.dfsg-4ubuntu0.1
  * linux: 3.0.0-14.23 => 3.0.0-16.28
  * linux-meta: 3.0.0.14.16 => 3.0.0.16.19
  * openssl: 1.0.0e-2ubuntu4 => 1.0.0e-2ubuntu4.2
  * python-launchpadlib: 1.9.8-2 => 1.9.8-2ubuntu0.1
  * software-properties: 0.81.13.1 => 0.81.13.3
  * udev: 1:173-0ubuntu4 => 1:173-0ubuntu4.1
  * update-manager: 1:0.152.25.5 => 1:0.152.25.8



-- 

[1] http://cloud-images.ubuntu.com/releases/oneiric/release-20120222/
[2] http://cloud-images.ubuntu.com/releases/oneiric/release-20120108/
[3] https://launchpad.net/ubuntu/oneiric/+source/linux/3.0.0-16.29
[4] https://launchpad.net/ubuntu/+source/linux-meta/3.0.0.16.19

-- 


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20120222/27424f7a/attachment.pgp>

More information about the Ubuntu-cloud-announce mailing list