[ubuntu-cloud] Refreshed Cloud Images of 11.10 (Oneiric Ocelot) [20130103]

Ben Howard ben.howard at canonical.com
Fri Jan 4 22:29:31 UTC 2013 

A new release of the Ubuntu Cloud Images for stable Ubuntu release 11.10
(Oneiric Ocelot) is available at [1]. These new images superseded the
existing images [2]. Images are available for download or immediate use
on EC2 via publish AMI ids. Users who wish to update their existing
installations can do so with:
   'apt-get update && sudo apt-get dist-upgrade && reboot'.

The Linux kernel was updated from 3.0.0-26.42 [3] to 3.0.0-29.46 [4]

The following packages have been updated. Please see the full changelogs
for a complete listing of changes:
 * apparmor: 2.7.0~beta1+bzr1774-1ubuntu2.1 =>
2.7.0~beta1+bzr1774-1ubuntu2.2
 * apport: 1.23-0ubuntu4 => 1.23-0ubuntu4.1
 * apt: 0.8.16~exp5ubuntu13.5 => 0.8.16~exp5ubuntu13.6
 * bind9: 1:9.7.3.dfsg-1ubuntu4.4 => 1:9.7.3.dfsg-1ubuntu4.5
 * dbus: 1.4.14-1ubuntu1 => 1.4.14-1ubuntu1.3
 * eglibc: 2.13-20ubuntu5.1 => 2.13-20ubuntu5.3
 * grub2: 1.99-12ubuntu5 => 1.99-12ubuntu5.1
 * isc-dhcp: 4.1.1-P1-17ubuntu10.3 => 4.1.1-P1-17ubuntu10.5
 * iso-codes: 3.27-1 => 3.27-1ubuntu1
 * landscape-client: 12.05-0ubuntu0.11.10 => 12.05-0ubuntu1.11.10
 * libxml2: 2.7.8.dfsg-4ubuntu0.3 => 2.7.8.dfsg-4ubuntu0.5
 * linux-meta: 3.0.0.26.30 => 3.0.0.29.33
 * linux: 3.0.0-26.42 => 3.0.0-29.46
 * ncurses: 5.9-1ubuntu5 => 5.9-1ubuntu5.1
 * perl: 5.12.4-4 => 5.12.4-4ubuntu0.1
 * python-keyring: 0.6.2-1 => 0.9.2-0ubuntu0.11.10.2
 * python2.7: 2.7.2-5ubuntu1 => 2.7.2-5ubuntu1.1
 * software-properties: 0.81.13.4 => 0.81.13.5
 * update-manager: 1:0.152.25.12 => 1:0.152.25.13

CVE Updates:
 * apt
    - change permissions of /var/log/apt/term.log to 0640 (CVE-2012-0961)
 * bind9
    - denial of service via specific combinations of RDATA (CVE-2012-5166)
 * dbus
   -  privilege escalation via unsanitized environment (CVE-2012-3524)
 * eglibc
    - buffer overflow in vfprintf handling (CVE-2012-3404)
    - buffer overflow in vfprintf handling (CVE-2012-3405)
    - stack buffer overflow in vfprintf handling (CVE-2012-3406)
    - stdlib strtod integer/buffer overflows (CVE-2012-3480)
 * isc-dhcp
    - denial of service via ipv6 lease expiration time reduction
(CVE-2012-3955)
 * libxml2
   - buffer underflow in xmlParseAttValueComplex() (CVE-2012-5134)
   - denial of service and possible code execution via incorrect buffer
sizes.
        (CVE-2012-2807)
 * perl
    - Injection problem in Digest::new (CVE-2011-3597)
    - Heap overflow in "x" operator (CVE-2012-5195)
    - CGI.pm improper cookie and p3p CRLF escaping (CVE-2012-5526)
 * python
    - fix hash randomization DoS (CVE-2012-1150)
    - xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon
        malformed POST request (CVE-2012-0845)
    - create ~/.pypirc securely (CVE-2011-4944)
 * python-keyring
    - CryptedFileKeyring format is insecure (CVE-2012-4571)

--
[1] http://cloud-images.ubuntu.com/releases/oneiric/release-20130103/
[2] http://cloud-images.ubuntu.com/releases/oneiric/release-20120918/
[3]
http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_3.0.0-26.42/changelog
[4]
http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_3.0.0-29.46/changelog

-- 


Ben Howard
ben.howard at canonical.com
Canonical
GPG ID 0x5406A866



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-cloud/attachments/20130104/e3500fa7/attachment.pgp>

More information about the Ubuntu-cloud mailing list