[ubuntu-cloud] Refreshed UEC Images of 11.04 LTS (Natty Narwhal) [20111003]

Ben Howard ben.howard at canonical.com
Tue Oct 4 21:52:38 UTC 2011


CORRECTION:

I incorrectly stated that 11.04 is an LTS release. 11.04 is NOT an LTS
release and is a normal stable release.

The opening paragraph should have read: "A new release of the Ubuntu
Cloud Images for stable Ubuntu release 11.04 (Natty Narwhal) is
available at [1]. These new images superseded the existing images [2].
Images are available for download or immediate use on EC2 via published
AMI ids."

My apologies for any confusion this typo may have caused.

~Ben

On 10/04/2011 03:15 PM, Ben Howard wrote:
> A new release of the Ubuntu Cloud Images for stable Ubuntu
> release 11.04 LTS (Natty Narwhal) is available at [1]. These new images
> superseded the existing images [2]. Images are available for download or
> immediate use on EC2 via published AMI ids. Users who wish to update their
> existing installations can do so with:
>    'apt-get update && apt-get dist-upgrade && reboot'.
>
> Updates of Interest:
>    * linux-virtual and linux-ec2 updated [3,4]. Multiple CVEs fixed [5]
>    * apt: incorrect InRelease file signature validation (CVE-2011-1829)
>    * bind9
>         - denial of service via specially crafted packet. (CVE-2011-2464)
>         - denial of service via off-by-one. (CVE-2011-1910)
>    * ca-certificates: Blacklist "DigiNotar Root CA" due to fraudulent
>         certificate issuance
>    * dbus: denial of service via messages with non-native byte order.
>         (CVE-2011-2200)
>    * libxml2: denial of service and possible code execution via specially
>         crafted xml file. (CVE-2011-1944)
>    * logrotate
>         - arbitrary code execution via shell metacharacters in log filename
>             (CVE-2011-1154)
>         - denial of service via invalid characters in log filename
>             (CVE-2011-1155)
>    * libcurl: libcurl unconditional credential delegation during GSSAPI
>         authentication vulnerability. (CVE-2011-2192)
>    * pam
>         - multiple issues with lack of adequate privilege dropping
>             (CVE-2010-3430, CVE-2010-3431, CVE-2010-3435, CVE-2010-4706,
>             CVE-2010-4707)
>         - privilege escalation via incorrect environment. (CVE-2010-3853)
>    * perl
>         - multiple intended restriction bypasses in Safe.pm. (CVE-2010-1447)
>         - taint protection bypass via missing taint attributes.
>             (CVE-2011-1487)
>
> Complete package change lists (please see the full changelogs for
> a comprehensive list of changes):
>    * apport 1.20.1-0ubuntu5.1
>    * apt 0.8.13.2ubuntu4.2
>    * bind9 19.7.3.dfsg-1ubuntu2.2
>    * ca-certificates 20090814+nmu2ubuntu0.1
>    * curl 7.21.3-1ubuntu1.3
>    * dbus 1.4.6-1ubuntu6.1
>    * dpkg 1.16.0~ubuntu7.1
>    * freetype 2.4.4-1ubuntu2.1
>    * initramfs-tools 0.98.8ubuntu3.1
>    * isc-dhcp 4.1.1-P1-15ubuntu9.1
>    * landscape-client 11.07.1.1-0ubuntu0.11.04.0
>    * language-selector 0.34.2
>    * libpng 1.2.44-1ubuntu3.1
>    * libxml2 2.7.8.dfsg-2ubuntu0.1
>    * linux 2.6.38-11.50
>    * linux-meta 2.6.38.11.26
>    * logrotate 3.7.8-6ubuntu3.1
>    * lxc 0.7.4-0ubuntu7.1
>    * ntp 14.2.6.p2+dfsg-1ubuntu5.1
>    * pam 1.1.2-2ubuntu8.3
>    * perl 5.10.1-17ubuntu4.1
>    * plymouth 0.8.2-2ubuntu23
>    * pygobject 2.28.3-1ubuntu1.1
>    * python-apt 0.7.100.3ubuntu6.1
>    * smart 1.3-1.3ubuntu0.2
>    * sudo 1.7.4p4-5ubuntu7.1
>    * tzdata 2011j-0ubuntu0.11.04
>    * update-manager 10.150.3
>
> --
>
> [1] http://uec-images.ubuntu.com/server/releases/natty/release-20111003/
> [2] http://uec-images.ubuntu.com/server/releases/natty/release-20110426/
> [3] https://launchpad.net/ubuntu/+source/linux
> [4] https://launchpad.net/ubuntu/+source/linux/2.6.38-11.50
> [5] Kernel CVEs:
>       https://bugs.launchpad.net/bugs/cve/2010-1020
>       https://bugs.launchpad.net/bugs/cve/2011-1493
>       https://bugs.launchpad.net/bugs/cve/2011-2689
>       https://bugs.launchpad.net/bugs/cve/2011-2699
>       https://bugs.launchpad.net/bugs/cve/2011-2918
>       https://bugs.launchpad.net/bugs/cve/2011-1581
>       https://bugs.launchpad.net/bugs/cve/2011-2484
>       https://bugs.launchpad.net/bugs/cve/2011-2493
>       https://bugs.launchpad.net/bugs/cve/2011-1017
>

-- 


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866



