[ubuntu-cloud-announce] Refreshed Cloud Images of 11.04 (Natty Narwhal) [20120723]
Ben Howard
ben.howard at canonical.com
Mon Jul 23 20:38:51 UTC 2012
A new release of the Ubuntu Cloud Images for stable Ubuntu release 11.04 (Natty Narwhal) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
'apt-get update && sudo apt-get dist-upgrade && reboot'.
This release includes HVM images for the Amazon AWS eu-west-1 region.
The linux-image packages was updated to 2.6.38-15.64 [3] and the linux
meta-data package was updated to 2.6.38.15.30 [4].
CVE Updates:
* apt
- Disable apt-key net-update for now, as validation code is still
insecure (CVE-2012-0954)
* bind9
- ghost domain names attack (CVE-2012-1033)
- denial of service via zero length rdata handling (CVE-2012-1667)
* gnutls26
- Denial of service in client application (CVE-2011-4128)
- Denial of service via crafted TLS record (CVE-2012-1573)
* libpng
- denial of service and possible code execution via memory corruption
issue. (CVE-2011-3048)
* libtasn1-3
- denial of service and possible code execution via certain large
length values. (CVE-2012-1569)
* libxml2
- Fix an off by one pointer access in xpointer.c (CVE-2011-3102)
* openssl
- denial of service attack in DTLS implementation (CVE-2012-2333)
- million message attack (MMA) in CMS and PKCS #7 (CVE-2012-0884)
- incomplete fix for CVE-2012-2110 (CVE-2012-2131)
- NULL pointer dereference in S/MIME messages with broken headers
(CVE-2006-7250), (CVE-2012-1165)
- fix various overflows (CVE-2012-2110)
* sudo
- Properly handle multiple netmasks in sudoers Host and Host_List
values (CVE-2012-2337)
* python-crypto
- incorrect ElGamal key generation (CVE-2012-2417)
* update-manager
- Incomplete fix for CVE-2012-0949 (CVE-2012-0950)
- Incorrect permissions on system_state archive may expose repo
passwords (CVE-2012-0948)
- Apport hook may upload system_state archive containing repo passwords
(CVE-2012-0949)
The following packages have been updated. Please see the full changelogs
for a complete listing changes:
* apparmor: 2.6.1-0ubuntu3 => 2.6.1-0ubuntu3.1
* apt: 0.8.13.2ubuntu4.4 => 0.8.13.2ubuntu4.6
* bind9: 1:9.7.3.dfsg-1ubuntu2.3 => 1:9.7.3.dfsg-1ubuntu2.4
* gnutls26: 2.8.6-1ubuntu2 => 2.8.6-1ubuntu2.1
* grub-gfxpayload-lists: 0.2 => 0.2.3
* insserv: 1.14.0-2 => 1.14.0-2ubuntu0.11.04.2
* landscape-client: 11.07.1.1-0ubuntu0.11.04.0 => 12.04.3-0ubuntu0.11.04
* libpng: 1.2.44-1ubuntu3.3 => 1.2.44-1ubuntu3.4
* libtasn1-3: 2.7-1ubuntu1 => 2.7-1ubuntu1.1
* libxml2: 2.7.8.dfsg-2ubuntu0.3 => 2.7.8.dfsg-2ubuntu0.4
* linux: 2.6.38-13.57 => 2.6.38-15.64
* linux-firmware: 1.52 => 1.52.4
* linux-meta: 2.6.38.13.28 => 2.6.38.15.30
* lxc: 0.7.4-0ubuntu7.2 => 0.7.4-0ubuntu7.3
* openssl: 0.9.8o-5ubuntu1.2 => 0.9.8o-5ubuntu1.7
* python-crypto: 2.1.0-2ubuntu1 => 2.1.0-2ubuntu1.1
* sudo: 1.7.4p4-5ubuntu7.1 => 1.7.4p4-5ubuntu7.2
* update-manager: 1:0.150.5.2 => 1:0.150.5.4
--
[1] http://cloud-images.ubuntu.com/releases/natty/release-20120723
[2] http://cloud-images.ubuntu.com/releases/natty/release-20120402
[3] https://launchpad.net/ubuntu/+source/linux/2.6.38-15.64
[4] https://launchpad.net/ubuntu/+source/linux-meta/2.6.38.15.30/
-- Ben Howard ben.howard at canonical.com Canonical GPG ID 0x5406A866
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20120723/fd7972d8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20120723/fd7972d8/attachment.pgp>
More information about the Ubuntu-cloud-announce
mailing list