[ubuntu-cloud] Refreshed Cloud Images of Ubuntu 11.04 (Natty Narwhal) [20120402]
Ben Howard
ben.howard at canonical.com
Wed Apr 4 21:17:47 UTC 2012
A new release of the Ubuntu Cloud Images for the stable Ubuntu 11.04
release (Natty Narwhal) is available at [1]. These new images
supersede the existing images [2]. Images are available for download or
immediate use on EC2 via published AMI IDs. Users who wish to update their
existing installations can do so with:
'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The Linux image has been updated to 2.6.38-13.57.
The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
- cloud-init: 0.6.1-0ubuntu8 => 0.6.1-0ubuntu8.1
- freetype: 2.4.4-1ubuntu2.2 => 2.4.4-1ubuntu2.3
- libpng: 1.2.44-1ubuntu3.2 => 1.2.44-1ubuntu3.3
- linux: 2.6.38-13.56 => 2.6.38-13.57
CVE Updates:
* libxml2:
  - add randomization to dictionaries with hash tables
    CVE-2012-0841
* freetype:
  - Denial of service via crafted BDF font:
    CVE-2012-1126, CVE-2012-1127, CVE-2012-1136,
    CVE-2012-1133, CVE-2012-1137, CVE-2012-1139,
    CVE-2012-1141
  - Denial of service via crafted TrueType font:
    CVE-2012-1128, CVE-2012-1131, CVE-2012-1135,
    CVE-2012-1138, CVE-2012-1144
  - Denial of service via crafted Type42 font
    CVE-2012-1129
  - Denial of service via crafted PCF font
    CVE-2012-1130
  - Denial of service via crafted Type1 font:
    CVE-2012-1132, CVE-2012-1134
  - Denial of service via crafted PostScript font
    CVE-2012-1140
  - Denial of service via crafted Windows FNT/FON font
    CVE-2012-1142
  - Denial of service via crafted font
    CVE-2012-1143
_________________________________________________________________________
RELEASE NOTES for Ubuntu 11.04 (Natty Narwhal) 20120312

Additionally, the release for Ubuntu 11.04 (Natty Narwhal) on 20120312
appears to have not gone out. I personally apologize for this failure.
Below are the release notes for the update from 20111103 to 20120312.
Linux image was updated to 2.6.38-11.50 [4] and linux-meta was updated
to 2.6.38.13.28 [5]
Package Updates:
- apt: 0.8.13.2ubuntu4.2 => 0.8.13.2ubuntu4.4
- bind9: 1:9.7.3.dfsg-1ubuntu2.2 => 1:9.7.3.dfsg-1ubuntu2.3
- byobu: 3.33-0ubuntu1 => 3.33-0ubuntu1.1
- bzip2: 1.0.5-6ubuntu1 => 1.0.5-6ubuntu1.11.04.1
- curl: 7.21.3-1ubuntu1.3 => 7.21.3-1ubuntu1.5
- eglibc: 2.13-0ubuntu13 => 2.13-0ubuntu13.1
- freetype: 2.4.4-1ubuntu2.1 => 2.4.4-1ubuntu2.2
- isc-dhcp: 4.1.1-P1-15ubuntu9.1 => 4.1.1-P1-15ubuntu9.3
- krb5: 1.8.3+dfsg-5ubuntu2.1 => 1.8.3+dfsg-5ubuntu2.2
- libpng: 1.2.44-1ubuntu3.1 => 1.2.44-1ubuntu3.2
- libxml2: 2.7.8.dfsg-2ubuntu0.1 => 2.7.8.dfsg-2ubuntu0.3
- linux: 2.6.38-11.50 => 2.6.38-13.56
- linux-meta: 2.6.38.11.26 => 2.6.38.13.28
- lxc: 0.7.4-0ubuntu7.1 => 0.7.4-0ubuntu7.2
- openldap: 2.4.23-6ubuntu6 => 2.4.23-6ubuntu6.1
- openssl: 0.9.8o-5ubuntu1 => 0.9.8o-5ubuntu1.2
- pam: 1.1.2-2ubuntu8.3 => 1.1.2-2ubuntu8.4
- python-defaults: 2.7.1-0ubuntu5 => 2.7.1-0ubuntu5.1
- python-httplib2: 0.6.0-4build1 => 0.7.2-1ubuntu2~0.11.04.1
- python-launchpadlib: 1.9.7-0ubuntu2 => 1.9.7-0ubuntu2.1
- python-pam: 0.4.2-12.2ubuntu2 => 0.4.2-12.2ubuntu2.11.04.1
- rsyslog: 4.6.4-2ubuntu4 => 4.6.4-2ubuntu4.2
- software-properties: 0.80.9 => 0.80.9.1
- sysvinit: 2.87dsf-4ubuntu23 => 2.87dsf-4ubuntu23.1
- tzdata: 2011j-0ubuntu0.11.04 => 2012b-0ubuntu0.11.04
- update-manager: 1:0.150.3 => 1:0.150.5.2
CVE Updates:
* apt
  - trust bypass via stale InRelease file (LP: #947108)
    CVE-2012-0214
  - remove 'old' InRelease file if we can't get a new one before
    proceeding with Release.gpg to avoid the false impression of a still
    trusted repository by a (still present) old InRelease file.
    CVE-2012-0214
* bind9
  - denial of service via specially crafted packet
    CVE-2011-4313
* krb5:
  - fix multiple kdc DoS issues
    CVE-2011-1528, CVE-2011-1529
* libxml2:
  - add randomization to dictionaries with hash tables
    help prevent denial of service via hash algorithm collision
    CVE-2012-0841
  - fix off-by-one leading to denial of service
    CVE-2011-0216
  - fix double free in XPath evaluation
    CVE-2011-2821
  - fix double free in XPath evaluation
    CVE-2011-2834
  - fix out of bounds read
    CVE-2011-3905
  - fix heap overflow
    CVE-2011-3919
* eglibc
  - timezone header parsing integer overflow (LP: #906961)
    CVE-2009-5029
  - /etc/mtab corruption denial of service
    CVE-2011-1089
  - ld.so insecure handling of privileged programs' RPATHs with $ORIGIN
    CVE-2011-1658
  - fnmatch integer overflow
    CVE-2011-1659
  - DoS in RPC implementation (LP: #901716)
    CVE-2011-4609
  - vfprintf nargs overflow leading to FORTIFY check bypass
    CVE-2012-0864
* rsyslog
  - fix denial of service when using imfile and processing lines longer
    than 64KiB
    CVE-2011-4623
  - fix denial of service via off by two
    CVE-2011-3200
* isc-dhcp
  - denial of service via regular expressions
    CVE-2011-4539
* curl:
  - URL sanitization vulnerability
    CVE-2012-0036
* bzip2: 1.0.5-6ubuntu1
  - Fix temporary file creation race condition
    CVE-2011-4089
* openldap
  - potential denial of service (LP: #884163)
    CVE-2011-4079
* openssl
  - ECDSA private key timing attack
    CVE-2011-1945
  - ECDH ciphersuite denial of service
    CVE-2011-3210
  - DTLS plaintext recovery attack
    CVE-2011-4108
  - policy check double free vulnerability
    CVE-2011-4019
  - SSL 3.0 block padding exposure
    CVE-2011-4576
  - malformed RFC 3779 data denial of service attack
    CVE-2011-4577
  - Server Gated Cryptography (SGC) denial of service
    CVE-2011-4619
  - fix for CVE-2011-4108 denial of service attack
    CVE-2012-0050
* pam
  - possible code execution via incorrect environment file
    CVE-2011-3148
  - denial of service via overflowed environment variable
    CVE-2011-3149
  - code execution via incorrect environment cleaning
    CVE-2011-XXXX
* python-pam
  - possible code execution via double-free (LP: #949218)
    CVE-2012-1502
* software-properties:
  - incorrect ssl certificate validation (LP: #915210)
    CVE-2011-4407
* update-manager:
  - UpdateManager/Core/DistUpgradeFetcherCore.py: verify signature before
    CVE-2011-3152
  - information leak via insecure temp file (LP: #881541)
    CVE-2011-3154
--
[1] http://cloud-images-images.ubuntu.com/server/releases/natty/release-20120402
[2] http://cloud-images-images.ubuntu.com/server/releases/natty/release-20120312
[3] https://launchpad.net/ubuntu/+source/linux/2.6.38-13.57
[4] https://launchpad.net/ubuntu/+source/linux/2.6.38-11.50
[5] https://launchpad.net/ubuntu/+source/linux-meta/2.6.38.13.28
--
Ben Howard
ben.howard at canonical.com
Canonical USA, Inc
GPG ID 0x5406A866