[ubuntu-cloud] Refreshed UEC Images of 11.04 LTS (Natty Narwhal) [20111003]

Ben Howard ben.howard at canonical.com
Tue Oct 4 21:15:22 UTC 2011

A new release of the Ubuntu Cloud Images for stable Ubuntu
release 11.04 LTS (Natty Narwhal) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
   'apt-get update && apt-get distupgrade && reboot'.

Updates of Interest:
   * linux-virtual and linux-ec2 updated [3,4]. Multiple CVE's fixed [5]
   * apt: incorrect InRelease file signature validation (CVE-2011-1829)
   * bind9
        - denial of service via specially crafted packet. (CVE-2011-2464)
        - denial of service via off-by-one. (CVE-2011-1910)
   * ca-certificates: Blacklist "DigiNotar Root CA" due to fraudulent
certificate issuance
   * dbus: denial of service via messages with non-native byte order.
   * libxml2: denial of service and possible code execution viaspecially
        crafted xml file. (CVE-2011-1944)
   * logrotate
        - arbitrary code execution via shell metacharacters in log filename
        - denial of service via invalid characters in log filename
   * libcurl: libcurl unconditional credential delegation during GSSAPI
        authentication vulnerability. (CVE-2011-2192)
   * pam
        - multiple issues with lack of adequate privilege dropping
            (CVE-2010-3430, CVE-2010-3431, CVE-2010-3435, CVE-2010-4706
        - privilege escalation via incorrect environment. (CVE-2010-3853)
   * perl
        - multiple intended restriction bypasses in Safe.pm. (CVE-2010-1447)
        - taint protection bypass via missing taint attributes.

Complete package change lists (please see the full changelogs for
list of changes):
   * apport 1.20.1-0ubuntu5.1
   * apt
   * bind9 19.7.3.dfsg-1ubuntu2.2
   * ca-certificates 20090814+nmu2ubuntu0.1
   * curl 7.21.3-1ubuntu1.3
   * dbus 1.4.6-1ubuntu6.1
   * dpkg 1.16.0~ubuntu7.1
   * freetype 2.4.4-1ubuntu2.1
   * initramfs-tools 0.98.8ubuntu3.1
   * isc-dhcp 4.1.1-P1-15ubuntu9.1
   * landscape-client
   * language-selector 0.34.2
   * libpng 1.2.44-1ubuntu3.1
   * libxml2 2.7.8.dfsg-2ubuntu0.1
   * linux 2.6.38-11.50
   * linux-meta
   * logrotate 3.7.8-6ubuntu3.1
   * lxc 0.7.4-0ubuntu7.1
   * ntp 14.2.6.p2+dfsg-1ubuntu5.1
   * pam 1.1.2-2ubuntu8.3
   * perl 5.10.1-17ubuntu4.1
   * plymouth 0.8.2-2ubuntu23
   * pygobject 2.28.3-1ubuntu1.1
   * python-apt
   * smart 1.3-1.3ubuntu0.2
   * sudo 1.7.4p4-5ubuntu7.1
   * tzdata 2011j-0ubuntu0.11.04
   * update-manager 10.150.3


[1] http://uec-images.ubuntu.com/server/releases/natty/release-20111003/
[3] https://launchpad.net/ubuntu/+source/linux
[4] https://launchpad.net/ubuntu/+source/linux/2.6.38-11.50
[5] Kernel CVEs:


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud/attachments/20111004/ad80a072/attachment.pgp>

More information about the Ubuntu-cloud mailing list