[ubuntu-cloud-announce] Refreshed Cloud Images of 10.04 LTS (Lucid Lynx) [20120726]
Ben Howard
ben.howard at canonical.com
Thu Jul 26 22:42:15 UTC 2012
A new release of the Ubuntu Cloud Images for stable Ubuntu
release 10.04 (Luicd Lynx) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
'apt-get update && sudo apt-get dist-upgrade && reboot'.
linux-ec2 was updated to 2.6.32-344.46 [3] and linux-meta was
updated to 2.6.32.41.48 [4]
CVE Updates:
* apt
- Disable apt-key net-update for now, as validation
code is still insecure (CVE-2012-0954)
* bind9
- ghost domain names attack (CVE-2012-1033)
- denial of service via zero length rdata handling (CVE-2012-1667)
* gnutls26
- Denial of service in client application (CVE-2011-4128)
- Denial of service via crafted TLS record (CVE-2012-1573
* libxml2
- Fix an off by one pointer access in xpointer.c (CVE-2011-3102)
* libpng: 1.2.42-1ubuntu2.4 => 1.2.42-1ubuntu2.5 ====
- denial of service and possible code execution via memory corruption
issue (CVE-2011-3048)
* libtasn1-3: 2.4-1 => 2.4-1ubuntu0.1 ====
- denial of service and possible code execution via certain large
length values (CVE-2012-1569)
* openssl
- denial of service attack in DTLS implementation (CVE-2012-2333)
- million message attack (MMA) in CMS and PKCS #7 (CVE-2012-0884)
- incomplete fix for CVE-2012-2110 (CVE-2012-2131)
- NULL pointer dereference in S/MIME messages with broken headers
(CVE-2006-7250 and CVE-2012-1165)
- fix various overflows (CVE-2012-2110)
* sudo
- Properly handle multiple netmasks in sudoers Host and Host_List
values (CVE-2012-2337)
Due to a dependency change of landscape-client, python-twisted-names is
now installed.
The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
* apparmor: 2.5.1-0ubuntu0.10.04.3 => 2.5.1-0ubuntu0.10.04.4
* apt: 0.7.25.3ubuntu9.11 => 0.7.25.3ubuntu9.13
* bind9: 1:9.7.0.dfsg.P1-1ubuntu0.4 => 1:9.7.0.dfsg.P1-1ubuntu0.5
* gnutls26: 2.8.5-2 => 2.8.5-2ubuntu0.1
* insserv: 1.12.0-14 => 1.12.0-14ubuntu0.2
* landscape-client: 11.07.1.1-0ubuntu0.10.04.0 =>
12.04.3-0ubuntu0.10.04
* libgcrypt11: 1.4.4-5ubuntu2 => 1.4.4-5ubuntu2.1
* libpng: 1.2.42-1ubuntu2.4 => 1.2.42-1ubuntu2.5
* libtasn1-3: 2.4-1 => 2.4-1ubuntu0.1
* libxml2: 2.7.6.dfsg-1ubuntu1.4 => 2.7.6.dfsg-1ubuntu1.5
* linux: 2.6.32-40.87 => 2.6.32-41.94
* linux-ec2: 2.6.32-344.46 => 2.6.32-346.51
* linux-firmware: 1.34.7 => 1.34.14
* linux-meta: 2.6.32.40.47 => 2.6.32.41.48
* linux-meta-ec2: 2.6.32.344.25 => 2.6.32.346.27
* openssl: 0.9.8k-7ubuntu8.8 => 0.9.8k-7ubuntu8.13
* sudo: 1.7.2p1-1ubuntu5.3 => 1.7.2p1-1ubuntu5.4
* wpasupplicant: 0.6.9-3ubuntu3 => 0.6.9-3ubuntu3.1
--
[1] http://cloud-images.ubuntu.com/releases/lucid/20120724/
[2] http://cloud-images.ubuntu.com/releases/lucid/release-20120403/
[3] https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-344.46/
[4] https://launchpad.net/ubuntu/+source/linux-meta/2.6.32.41.48/
--
Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud-announce/attachments/20120726/7c299051/attachment.pgp>
More information about the Ubuntu-cloud-announce
mailing list