[ubuntu-cloud] Refreshed UEC Images of 11.04 LTS (Natty Narwhal) [20111003]

Ben Howard ben.howard at canonical.com
Tue Oct 4 21:15:22 UTC 2011


A new release of the Ubuntu Cloud Images for stable Ubuntu
release 11.04 LTS (Natty Narwhal) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
   'apt-get update && apt-get distupgrade && reboot'.

Updates of Interest:
   * linux-virtual and linux-ec2 updated [3,4]. Multiple CVE's fixed [5]
   * apt: incorrect InRelease file signature validation (CVE-2011-1829)
   * bind9
        - denial of service via specially crafted packet. (CVE-2011-2464)
        - denial of service via off-by-one. (CVE-2011-1910)
   * ca-certificates: Blacklist "DigiNotar Root CA" due to fraudulent
certificate issuance
   * dbus: denial of service via messages with non-native byte order.
(CVE-2011-2200)
   * libxml2: denial of service and possible code execution viaspecially
        crafted xml file. (CVE-2011-1944)
   * logrotate
        - arbitrary code execution via shell metacharacters in log filename
            (CVE-2011-1154)
        - denial of service via invalid characters in log filename
(CVE-2011-1155)
   * libcurl: libcurl unconditional credential delegation during GSSAPI
        authentication vulnerability. (CVE-2011-2192)
   * pam
        - multiple issues with lack of adequate privilege dropping
            (CVE-2010-3430, CVE-2010-3431, CVE-2010-3435, CVE-2010-4706
            CVE-2010-4707)
        - privilege escalation via incorrect environment. (CVE-2010-3853)
   * perl
        - multiple intended restriction bypasses in Safe.pm. (CVE-2010-1447)
        - taint protection bypass via missing taint attributes.
(CVE-2011-1487)

Complete package change lists (please see the full changelogs for
comprehensive
list of changes):
   * apport 1.20.1-0ubuntu5.1
   * apt 0.8.13.2ubuntu4.2
   * bind9 19.7.3.dfsg-1ubuntu2.2
   * ca-certificates 20090814+nmu2ubuntu0.1
   * curl 7.21.3-1ubuntu1.3
   * dbus 1.4.6-1ubuntu6.1
   * dpkg 1.16.0~ubuntu7.1
   * freetype 2.4.4-1ubuntu2.1
   * initramfs-tools 0.98.8ubuntu3.1
   * isc-dhcp 4.1.1-P1-15ubuntu9.1
   * landscape-client 11.07.1.1-0ubuntu0.11.04.0
   * language-selector 0.34.2
   * libpng 1.2.44-1ubuntu3.1
   * libxml2 2.7.8.dfsg-2ubuntu0.1
   * linux 2.6.38-11.50
   * linux-meta 2.6.38.11.26
   * logrotate 3.7.8-6ubuntu3.1
   * lxc 0.7.4-0ubuntu7.1
   * ntp 14.2.6.p2+dfsg-1ubuntu5.1
   * pam 1.1.2-2ubuntu8.3
   * perl 5.10.1-17ubuntu4.1
   * plymouth 0.8.2-2ubuntu23
   * pygobject 2.28.3-1ubuntu1.1
   * python-apt 0.7.100.3ubuntu6.1
   * smart 1.3-1.3ubuntu0.2
   * sudo 1.7.4p4-5ubuntu7.1
   * tzdata 2011j-0ubuntu0.11.04
   * update-manager 10.150.3




--

[1] http://uec-images.ubuntu.com/server/releases/natty/release-20111003/
[2]
http://uec-images.ubuntu.com/server/releases/natty/release-20110426/<http://www.google.com/url?sa=D&q=http://uec-images.ubuntu.com/server/releases/lucid/release-20110719/&usg=AFQjCNEbMq_0T3zlXF1Y0tHzTByb9v5SrQ>
[3] https://launchpad.net/ubuntu/+source/linux
[4] https://launchpad.net/ubuntu/+source/linux/2.6.38-11.50
[5] Kernel CVEs:
      https://bugs.launchpad.net/bugs/cve/2010-1020
      https://bugs.launchpad.net/bugs/cve/2011-1493
      https://bugs.launchpad.net/bugs/cve/2011-2689
      https://bugs.launchpad.net/bugs/cve/2011-2699
      https://bugs.launchpad.net/bugs/cve/2011-2918
      https://bugs.launchpad.net/bugs/cve/2011-1581
      https://bugs.launchpad.net/bugs/cve/2011-2484
      https://bugs.launchpad.net/bugs/cve/2011-2493
      https://bugs.launchpad.net/bugs/cve/2011-1017

-- 


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud/attachments/20111004/ad80a072/attachment.pgp>


More information about the Ubuntu-cloud mailing list