[ubuntu-cloud] Refreshed Cloud Images of 10.04 LTS (Lucid Lynx) [2011]

Ben Howard ben.howard at canonical.com
Tue Apr 3 21:15:12 UTC 2012


A new release of the Ubuntu Cloud Images for stable Ubuntu
release 10.04 LTS (Lucid Lynx) is available at [1]. These new images
superseded the existing images [2]. Images are available for download or
immediate use on EC2 via publish AMI ids. Users who wish to update their
existing installations can do so with:
   'apt-get update && apt-get distupgrade && reboot'.

The Linux kernel has been updated to 2.6.32-344.46 [3] and
linux-meta-ec2 has been updated to 2.6.32.344.25.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes
 - apt: 0.7.25.3ubuntu9.10 => 0.7.25.3ubuntu9.11
 - cloud-init: 0.5.10-0ubuntu1.5 => 0.5.10-0ubuntu1.7
 - consolekit: 0.4.1-3ubuntu2 => 0.4.1-3ubuntu3
 - cron: 3.0pl1-106ubuntu5 => 3.0pl1-106ubuntu6
 - eglibc: 2.11.1-0ubuntu7.8 => 2.11.1-0ubuntu7.10
 - freetype: 2.3.11-1ubuntu2.5 => 2.3.11-1ubuntu2.6
 - gcc-4.4: 1:4.4.3-4ubuntu5 => 1:4.4.3-4ubuntu5.1
 - lazr.restfulclient: 0.9.11-1ubuntu1.2 => 0.9.11-1ubuntu1.3
 - libpng: 1.2.42-1ubuntu2.3 => 1.2.42-1ubuntu2.4
 - libxml2: 2.7.6.dfsg-1ubuntu1.3 => 2.7.6.dfsg-1ubuntu1.4
 - linux: 2.6.32-38.83 => 2.6.32-40.87
 - linux-ec2: 2.6.32-342.43 => 2.6.32-344.46
 - linux-meta: 2.6.32.38.44 => 2.6.32.40.47
 - linux-meta-ec2: 2.6.32.342.23 => 2.6.32.344.25
 - procps: 1:3.2.8-1ubuntu4 => 1:3.2.8-1ubuntu4.2
 - python-httplib2: 0.6.0-1 => 0.7.2-1ubuntu2~0.10.04.1
 - python-pam: 0.4.2-12.1ubuntu1 => 0.4.2-12.1ubuntu1.10.04.1
 - python-wadllib: 1.1.4-1ubuntu1 => 1.1.4-1ubuntu1.1
 - tzdata: 2011n-0ubuntu0.10.04 => 2012b-0ubuntu0.10.04
 - update-manager: 1:0.134.11.2 => 1:0.134.12.1

CVE Updates:
* eglibc
   - timezone header parsing integer overflow (LP: #906961)
        CVE-2009-5029
   - memory consumption denial of service in fnmatch
        CVE-2011-1071
   - /etc/mtab corruption denial of service
        CVE-2011-1089
   - insufficient locale environment sanitization
        CVE-2011-1095
   - ld.so insecure handling of privileged programs'
     RPATHs with $ORIGIN
        CVE-2011-1658
   - fnmatch integer overflow
        CVE-2011-1659
   - signedness bug in memcpy_ssse3
        CVE-2011-2702
   - DoS in RPC implementation (LP: #901716)
        CVE-2011-4609
   - vfprintf nargs overflow leading to FORTIFY
     check bypass
        CVE-2012-0864
* freetype
  - Denial of service via crafted BDF font:
       CVE-2012-1126, CVE-2012-1127, CVE-2012-1136,
       CVE-2012-1133, CVE-2012-1137, CVE-2012-1139,
       CVE-2012-1141
  - Denial of service via crafted TrueType font:
       CVE-2012-1128, CVE-2012-1131, CVE-2012-1135,
       CVE-2012-1138, CVE-2012-1144
  - Denial of service via crafted Type42 font
       CVE-2012-1129
  - Denial of service via crafted PCF font
       CVE-2012-1130
  - Denial of service via crafted Type1 font:
       CVE-2012-1132, CVE-2012-1134
  - Denial of service via crafted PostScript font
       CVE-2012-1140
  - Denial of service via crafted Windows FNT/FON font
       CVE-2012-1142
  - Denial of service via crafted font
       CVE-2012-1143
* libpng
  - denial of service and possible code execution via
    incorrect type.
       CVE-2011-3045
* libxml2
  - add randomization to dictionaries with hash tables
    help prevent denial of service via hash algorithm collision
       CVE-2012-0841
* python-pam
  - possible code execution via double-free (LP: #949218)
       CVE-2012-1502

--

[1] http://cloud-images.ubuntu.com/releases/lucid/release-20120403/
[2] http://cloud-images-archive.ubuntu.com/releases/lucid/release-20120221/
[3] https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-344.46
[4] https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-

-- 


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud/attachments/20120403/66160cf4/attachment.pgp>


More information about the Ubuntu-cloud mailing list