[ubuntu-cloud] Refreshed Cloud Images of 10.10 (Maverick Meerkat) [20111001]

Ben Howard ben.howard at canonical.com
Tue Oct 4 18:52:10 UTC 2011


A new release of the Ubuntu Enterprise Cloud Images for stable Ubuntu
release 10.10 LTS (Maverick Meerkat) is available at [1]. These new images
supersede the existing images [2]. Images are available for download or
immediate use on EC2 via published AMI IDs. Users who wish to update their
existing installations can do so with:
      'apt-get update && apt-get dist-upgrade && reboot'.

Please note that the abbreviation "uec" has been replaced with
"cloudimg" in file names for downloadable images.

Notable package updates:
  * linux-meta update to 2.6.35.30.38 [3,4] with numerous CVE fixes [5]
  * ca-certificates: blacklist "DigiNotar Root CA" due to fraudulent
    certificate issuance (LP: #837557)
  * krb5:
    - kadmind denial of service from freeing of uninitialized pointer.
      (CVE-2011-0285)
    - kdc denial of service due to double-free if PKINIT capability is
      used. (CVE-2011-0284)
    - kpropd denial of service via invalid network input (CVE-2010-4022)
    - kdc denial of service from unauthenticated remote attackers
      (CVE-2011-0281, CVE-2011-0282)
  * sudo: privilege escalation via -g when using group Runas_List.
    (CVE-2011-0010)
  * rsync: denial of service and possible arbitrary code execution via
    malformed data (CVE-2011-1097)
  * perl:
    - multiple intended restriction bypasses in Safe.pm. (CVE-2010-1168,
      CVE-2010-1447)
    - multiple issues in CGI.pm: hardcoded MIME boundary, and CRLF
      injections. (CVE-2010-2716, CVE-2010-4410, CVE-2010-4411)
    - taint protection bypass via missing taint attributes. (CVE-2011-1487)
  * bind9:
    - denial of service via specially crafted packet. (CVE-2011-2464)
    - denial of service via off-by-one. (CVE-2011-1910)
    - denial of service via IXFR or DDNS update. (CVE-2011-0414)
  * pam:
    - multiple issues with lack of adequate privilege dropping.
      (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435,
      CVE-2010-4706, CVE-2010-4707)
    - privilege escalation via incorrect environment. (CVE-2010-3853)
  * fuse:
    - arbitrary unprivileged unmount. (CVE-2011-0541, CVE-2011-0542,
      CVE-2011-0543)
    - arbitrary unprivileged unmount. (CVE-2010-3879)
  * util-linux: arbitrary unmount with fuse. (CVE-2010-3879)
  * dpkg: relative directory and symlink following in source pkgs
    (CVE-2010-1679)
  * dbus:
    - denial of service via messages with non-native byte order.
      (CVE-2011-2200)
    - fix DoS with too deeply nested messages. (CVE-2010-4352, LP: #688992)

The following packages have been updated. Please see the full changelogs
for a complete listing of changes.

  * apparmor: 2.5.1-0ubuntu0.10.10.4
  * apport: 1.14.1-0ubuntu8.1
  * apt: 0.8.3ubuntu7.2
  * bash-completion: 1:1.2-2ubuntu1.1
  * bind9: 1:9.7.1.dfsg.P2-2ubuntu0.4
  * ca-certificates: 20090814ubuntu0.10.10.1
  * curl: 7.21.0-1ubuntu1.1
  * dbus: 1.4.0-0ubuntu1.3
  * dhcp3: 3.1.3-2ubuntu6.3
  * dpkg: 1.15.8.4ubuntu3.1
  * eglibc: 2.12.1-0ubuntu10.2
  * euca2ools: 1.2-0ubuntu11.1
  * freetype: 2.4.2-2ubuntu0.2
  * fuse: 2.8.4-1ubuntu1.3
  * glib2.0: 2.26.1-0ubuntu1
  * grub2: 1.98+20100804-5ubuntu3.3
  * ifupdown: 0.6.10ubuntu3.1
  * initramfs-tools: 0.98.1ubuntu6.1
  * krb5: 1.8.1+dfsg-5ubuntu0.7
  * landscape-client: 11.07.1.1-0ubuntu0.10.10.0
  * language-selector: 0.6.8
  * libpng: 1.2.44-1ubuntu0.1
  * libxml2: 2.7.7.dfsg-4ubuntu0.2
  * linux: 2.6.35-30.59
  * linux-firmware: 1.38.6
  * linux-meta: 2.6.35.30.38
  * logrotate: 3.7.8-6ubuntu1.1
  * ntp: 1:4.2.4p8+dfsg-1ubuntu6.1
  * openldap: 2.4.23-0ubuntu3.5
  * openssh: 1:5.5p1-4ubuntu6
  * openssl: 0.9.8o-1ubuntu4.4
  * pam: 1.1.1-4ubuntu2.3
  * parted: 2.3-2ubuntu2
  * pcsc-lite: 1.5.5-3ubuntu2.1
  * perl: 5.10.1-12ubuntu2.1
  * pm-utils: 1.4.1-3ubuntu1
  * policykit-1: 0.96-2ubuntu1.1
  * python-apt: 0.7.96.1ubuntu11.2
  * rsync: 3.0.7-2ubuntu1.1
  * shadow: 1:4.1.4.2-1ubuntu3.2
  * smart: 1.3-1ubuntu0.2
  * sqlite3: 3.7.2-1ubuntu0.1
  * sudo: 1.7.2p7-1ubuntu2.1
  * sysvinit: 2.87dsf-4ubuntu19.1
  * tar: 1.23-2ubuntu2
  * tzdata: 2011j-0ubuntu0.10.10
  * update-manager: 1:0.142.23
  * upstart: 0.6.6-4
  * util-linux: 2.17.2-0ubuntu1.10.10.2
  * w3m: 0.5.2-6ubuntu1
  * xkeyboard-config: 1.8-1ubuntu8.1~10.10.1


--

[1] http://uec-images.ubuntu.com/server/releases/maverick/release-20111001/
[2] http://uec-images.ubuntu.com/server/releases/maverick/release-20101225/
[3] https://launchpad.net/ubuntu/+source/linux-meta
[4] https://launchpad.net/ubuntu/+source/linux-meta/2.6.35.30.38

-- 


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866



