[ubuntu-cloud] Refreshed Cloud Images of 11.10 (Oneiric Ocelot) [20120403]

Ben Howard ben.howard at canonical.com
Tue Apr 3 21:15:32 UTC 2012

A new release of the Ubuntu Cloud Images for stable Ubuntu
release 11.10 (Oneiric Ocelot) is available at [1]. These new images
supersede the existing images [2]. Images are available for download or
immediate use on EC2 via published AMI IDs. Users who wish to update their
existing installations can do so with:
   'apt-get update && apt-get dist-upgrade && reboot'.

The following packages have been updated. Please see the full changelogs
for a complete listing of changes.
  - apt: 0.8.16~exp5ubuntu13 => 0.8.16~exp5ubuntu13.2 
  - cloud-init: 0.6.1-0ubuntu22 => 0.6.1-0ubuntu22.1 
  - distribute: 0.6.16-1 => 0.6.16-1ubuntu0.1 
  - eglibc: 2.13-20ubuntu5 => 2.13-20ubuntu5.1 
  - freetype: 2.4.4-2ubuntu1.1 => 2.4.4-2ubuntu1.2 
  - gzip: 1.3.12-9ubuntu1.1 => 1.3.12-9ubuntu1.2 
  - libpng: 1.2.46-3ubuntu1.1 => 1.2.46-3ubuntu1.2 
  - libxml2: 2.7.8.dfsg-4ubuntu0.1 => 2.7.8.dfsg-4ubuntu0.2 
  - linux: 3.0.0-16.28 => 3.0.0-17.30 
  - linux-meta: => 
  - lxc: 0.7.5-0ubuntu8.3 => 0.7.5-0ubuntu8.5 
  - python-httplib2: 0.7.1-1ubuntu1 => 0.7.2-1ubuntu2~ 
  - python-pam: 0.4.2-12.2ubuntu2 => 0.4.2-12.2ubuntu2.11.10.1 
  - tzdata: 2011n-0ubuntu0.11.10 => 2012b-0ubuntu0.11.10 
  - udev: 173-0ubuntu4.1 => 173-0ubuntu4.2

Kernel Update: linux-image has been updated to 3.0.0-17.30 [3].

CVE Updates:
* apt
  - apt apt-utils libapt-pkg4.11 libapt-inst1.3 apt-transport-https
       trust bypass via stale InRelease file (LP: #947108)
* eglibc
  - timezone header parsing integer overflow (LP: #906961)
  - ld.so insecure handling of privileged programs
  - DoS in RPC implementation (LP: #901716)
  - vfprintf nargs overflow leading to FORTIFY
* libpng (libpng12-0)
  - denial of service and possible code execution via incorrect type.
* libxml2:
  - add randomization to dictionaries with hash tables
* freetype:
  - Denial of service via crafted BDF font:
       CVE-2012-1126, CVE-2012-1127, CVE-2012-1136,
       CVE-2012-1133, CVE-2012-1137, CVE-2012-1139,
  - Denial of service via crafted TrueType font:
       CVE-2012-1128, CVE-2012-1131, CVE-2012-1135,
       CVE-2012-1138, CVE-2012-1144
  - Denial of service via crafted Type42 font
  - Denial of service via crafted PCF font
  - Denial of service via crafted Type1 font:
       CVE-2012-1132, CVE-2012-1134
  - Denial of service via crafted PostScript font
  - Denial of service via crafted Windows FNT/FON font
  - Denial of service via crafted font
* python-pam
  - possible code execution via double-free (LP: #949218)


[3] https://launchpad.net/ubuntu/+source/linux/3.0.0-17.30


Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866
