[ubuntu-cloud] Refreshed Cloud Images of 11.10 (Oneiric Ocelot) [20120722]

Ben Howard ben.howard at canonical.com
Mon Jul 23 20:36:32 UTC 2012 

A new release of the Ubuntu Cloud Images for stable Ubuntu release 11.10
(Oneiric Ocelot) is available at [1]. These new images superseded the
existing images [2]. Images are available for download or immediate use
on EC2 via publish AMI ids. Users who wish to update their existing
installations can do so with:
   'apt-get update && sudo apt-get dist-upgrade && reboot'.

This release includes HVM images for the Amazon AWS eu-west-1 region. 

The linux-image packages was updated to 3.0.0-23.39 [3] and the linux
meta-data package was updated to 3.0.0.23.27 [4]

CVE Updates:
  * accountsservice
    - race condition with UID lookup (CVE-2012-2737)
  * apt
    - Disable apt-key net-update for now, as validation code is still
        insecure (CVE-2012-0954)
  * bind9
    - ghost domain names attack (CVE-2012-1033)
    - denial of service via zero length rdata handling (CVE-2012-1667)
  * gnutls26
    - Denial of service in client application (CVE-2011-4128)
    - Denial of service via crafted TLS record (CVE-2012-1573)
  * libpng
    - denial of service and possible code execution via memory corruption
         issue (CVE-2011-3048)
  * libtasn1-3
    - denial of service and possible code execution via certain large length
        values (CVE-2012-1569)
  * libxml2
    - Fix an off by one pointer access in xpointer.c (CVE-2011-3102)
  * openssl
    - denial of service attack in DTLS implementation (CVE-2012-2333)
    - million message attack (MMA) in CMS and PKCS #7 (CVE-2012-0884)
    - NULL pointer dereference in S/MIME messages with broken
        (CVE-2006-7250 and CVE-2012-1165)
    - fix various overflows (CVE-2012-2110)
  * python-crypto
      - incorrect ElGamal key generation (CVE-2012-2417)
  * sudo
    - Properly handle multiple netmasks in sudoers Host and Host_List values
        (CVE-2012-2337)
  * update-manager
    - DistUpgrade/DistUpgradeApport.py: use a whitelist of files so we
      don't upload system_state archives. (CVE-2012-0950)
    - DistUpgrade/DistUpgradeMain.py: create file with proper permissions
        (CVE-2012-0948)
    - Apport hook may upload system_state archive containing repo
	passwords (CVE-2012-0949)

Due to a dependency change of landscape-client, python-twisted-names is now installed. 

The following packages have been updated. Please see the full changelogs
for a complete listing changes:
  * accountsservice: 0.6.14-1git1ubuntu1.1 => 0.6.14-1git1ubuntu1.2
  * apparmor: 2.7.0~beta1+bzr1774-1ubuntu2 =>
	2.7.0~beta1+bzr1774-1ubuntu2.1
  * apt: 0.8.16~exp5ubuntu13.2 => 0.8.16~exp5ubuntu13.5
  * bind9: 1:9.7.3.dfsg-1ubuntu4.1 => 1:9.7.3.dfsg-1ubuntu4.2
  * dpkg: 1.16.0.3ubuntu5 => 1.16.0.3ubuntu5.1
  * gnutls26: 2.10.5-1ubuntu3 => 2.10.5-1ubuntu3.1
  * insserv: 1.14.0-2.1 => 1.14.0-2.1ubuntu0.2
  * landscape-client: 11.07.1.1-0ubuntu1.11.10.0 => 12.04.3-0ubuntu0.11.10
  * libpng: 1.2.46-3ubuntu1.2 => 1.2.46-3ubuntu1.3
  * libtasn1-3: 2.9-4 => 2.9-4ubuntu0.1
  * libxml2: 2.7.8.dfsg-4ubuntu0.2 => 2.7.8.dfsg-4ubuntu0.3
  * linux: 3.0.0-17.30 => 3.0.0-23.39
  * linux-firmware: 1.60 => 1.60.1
  * linux-meta: 3.0.0.17.20 => 3.0.0.23.27
  * lxc: 0.7.5-0ubuntu8.5 => 0.7.5-0ubuntu8.6
  * mawk: 1.3.3-15ubuntu2 => 1.3.3-15ubuntu2.11.10
  * openssl: 1.0.0e-2ubuntu4.2 => 1.0.0e-2ubuntu4.6
  * python-crypto: 2.3-2 => 2.3-2ubuntu0.1
  * software-properties: 0.81.13.3 => 0.81.13.4
  * sudo: 1.7.4p6-1ubuntu2 => 1.7.4p6-1ubuntu2.1
  * ubuntu-meta: 1.245 => 1.245.1
  * update-manager: 1:0.152.25.8 => 1:0.152.25.12
  * upstart: 1.3-0ubuntu11 => 1.3-0ubuntu12
  * vim: 2:7.3.154+hg~74503f6ee649-2ubuntu3 =>
	 2:7.3.154+hg~74503f6ee649-2ubuntu3.1


--

[1] http://cloud-images.ubuntu.com/releases/oneiric/release-20120722/
[2] http://cloud-images.ubuntu.com/releases/oneiric/release-20120401/
[3] https://launchpad.net/ubuntu/+source/linux/3.0.0-23.39
[4] https://launchpad.net/ubuntu/+source/linux-meta/3.0.0.23.27

-- 

Ben Howard
ben.howard at canonical.com
Canonical
GPG ID 0x5406A866


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud/attachments/20120723/586ed8cf/attachment.pgp>

More information about the Ubuntu-cloud mailing list