[ubuntu-cloud] Refreshed Cloud Images of Ubuntu 12.04 LTS (Precise Pangolin) [20120616]

Chris Fordham chris at xhost.com.au
Wed Jun 27 04:15:35 UTC 2012 

On Wed, 27 Jun 2012 04:09:38 +1000, Ben Howard <ben.howard at canonical.com>  
wrote:

> A new release of the Ubuntu Cloud Images for stable Ubuntu
> release 12.04 LTS (Precise Pangolin) is available at [1]. These new  
> images
> superseded the existing images [2]. Images are available for download or
> immediate use on EC2 via publish AMI ids. Users who wish to update their
> existing installations can do so with:
>    'apt-get update && sudo apt-get dist-upgrade && reboot'.
>
> Kernel Updates:
>   - linux-image has been updated to 3.2.0-25-virtual [3]
>   - linux-meta has been updated to 3.2.0.25-27 [4]
>
> Import image specific change: Grub has been configured so that grub-pc  
> does
> not force a debconf configuration prompt. This fixes (LP: 1009294).
>
> The following packages have been updated. Please see the full changelogs
> for a complete listing of changes:
>  - apparmor: 2.7.102-0ubuntu3 => 2.7.102-0ubuntu3.1
>  - apport: 2.0.1-0ubuntu5 => 2.0.1-0ubuntu8
>  - apt: 0.8.16~exp12ubuntu10 => 0.8.16~exp12ubuntu10.2
>  - bind9: 1:9.8.1.dfsg.P1-4 => 1:9.8.1.dfsg.P1-4ubuntu0.1
>  - cyrus-sasl2: 2.1.25.dfsg1-3 => 2.1.25.dfsg1-3ubuntu0.1
>  - euca2ools: 2.0.0~bzr516-0ubuntu3 => 2.0.0~bzr516-0ubuntu3.1
>  - glib2.0: 2.32.1-0ubuntu2 => 2.32.3-0ubuntu1
>  - grub2: 1.99-21ubuntu3 => 1.99-21ubuntu3.1
>  - hdparm: 9.37-0ubuntu3 => 9.37-0ubuntu3.1
>  - isc-dhcp: 4.1.ESV-R4-0ubuntu5 => 4.1.ESV-R4-0ubuntu5.1
>  - krb5: 1.10+dfsg~beta1-2 => 1.10+dfsg~beta1-2ubuntu0.1
>  - libgcrypt11: 1.5.0-3 => 1.5.0-3ubuntu0.1
>  - libtasn1-3: 2.10-1ubuntu1 => 2.10-1ubuntu1.1
>  - libxml2: 2.7.8.dfsg-5.1ubuntu4 => 2.7.8.dfsg-5.1ubuntu4.1
>  - linux: 3.2.0-23.36 => 3.2.0-25.40
>  - linux-meta: 3.2.0.23.25 => 3.2.0.25.27
>  - lvm2: 2:1.02.48-4ubuntu7 => 2:1.02.48-4ubuntu7.1
>  - ntp: 1:4.2.6.p3+dfsg-1ubuntu3 => 1:4.2.6.p3+dfsg-1ubuntu3.1
>  - openssl: 1.0.1-4ubuntu3 => 1.0.1-4ubuntu5.2
>  - policykit-1: 0.104-1 => 0.104-1ubuntu1
>  - pygobject: 3.2.0-3 => 3.2.2-1~precise
>  - resolvconf: 1.63ubuntu11 => 1.63ubuntu14
>  - software-properties: 0.82.7 => 0.82.7.1
>  - sudo: 1.8.3p1-1ubuntu3 => 1.8.3p1-1ubuntu3.3
>  - update-manager: 1:0.156.14 => 1:0.156.14.5
>  - update-notifier: 0.119ubuntu8.1 => 0.119ubuntu8.4
>  - upstart: 1.5-0ubuntu5 => 1.5-0ubuntu7
>  - vim: 2:7.3.429-2ubuntu2 => 2:7.3.429-2ubuntu2.1
>
> CVE Updates:
>  * apt
>    - Disable apt-key net-update for now, as validation code is still
> insecure
>      CVE-2012-0954
>  * bind9
>    - Restrict the TTL of NS RRset to no more than that of the old NS
> RRset when replacing it.
>      CVE-2012-1033
>    - denial of service via zero length rdata handling
>      CVE-2012-1667
>  * libxml2
>    - Fix an off by one pointer access in xpointer.c
>      CVE-2011-3102
>  * libtasn1-3
>    - denial of service and possible code execution via certain large
> length values.
>      CVE-2012-1569
>  * openssl
>    - denial of service attack in DTLS, TLS v1.1 and TLS v1.2  
> implementation
>      CVE-2012-2333
>  * sudo
>    - Properly handle multiple netmasks in sudoers Host and Host_List  
> values
>      CVE-2012-2337
>  * update-manager
>    - Incomplete fix for CVE-2012-0949
>      CVE-2012-0950
>    - Incorrect permissions on system_state archive may expose repo  
> passwords
>      CVE-2012-0948
>    - Apport hook may upload system_state archive containing repo  
> passwords
>      CVE-2012-0949
>
>
>
[1] and [2] appear to have incorrect URLs with an extra '-images' in the  
URL.

More information about the Ubuntu-cloud mailing list