Ubuntu 6938 Published by Philipp Esselbach 0

An ekg and Gadu library security update has been released for Ubuntu Linux 5.04

===========================================================
Ubuntu Security Notice USN-162-1 August 08, 2005
ekg vulnerabilities
CAN-2005-1850, CAN-2005-1851, CAN-2005-1852, CAN-2005-1916,
CAN-2005-2369, CAN-2005-2370, CAN-2005-2448
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

ekg
libgadu3

The problem can be corrected by upgrading the affected package to version 1:1.5-4ubuntu1.2. In general, a standard system upgrade is sufficient to effect the necessary changes. If you use the Instant Messaging application "Kopete", you need to restart it after the upgrade since it uses the libgadu3 library package.


A bzip2 utility security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-161-1 August 04, 2005
bzip2 vulnerability
CAN-2005-0758
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

bzip2

The problem can be corrected by upgrading the affected package to version 1.0.2-1ubuntu0.2 (for Ubuntu 4.10), or 1.0.2-2ubuntu0.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-158-1 fixed a command injection vulnerability in the "zgrep" utility. It was determined that the "bzgrep" counterpart in the bzip2 package is vulnerable to the same flaw.

bzgrep did not handle shell metacharacters like '|' and '&' properly when they occurred in input file names. This could be exploited to execute arbitrary commands with user privileges if bzgrep was run in an untrusted directory with specially crafted file names.
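The flaw class described above, shown as an added example: this is not the bzgrep source, and the function names and sample file name are constructed for illustration. It contrasts a wrapper that lets the shell re-parse a file name with one that keeps the name a single argument, plus a check for suspicious names in a directory.

```shell
#!/bin/sh
# Added illustration, NOT code from the bzip2 package.
# count_unsafe, count_safe, suspicious_names and demo are hypothetical names.

# Flawed pattern: the file name is pasted into a string that the shell
# parses a second time, so '|' or '&' in the name becomes shell syntax.
count_unsafe() {
    eval "grep -c -- $1 $2"
}

# Hardened pattern: the name stays one quoted argument. "--" and the "./"
# prefix also stop a name starting with "-" from being read as an option.
count_safe() {
    case $2 in
        /*|./*) grep -c -- "$1" "$2" ;;
        *)      grep -c -- "$1" "./$2" ;;
    esac
}

# Pre-flight check: list regular files in a directory whose names contain
# shell metacharacters, before running any wrapper script over them.
suspicious_names() {
    find "$1" -maxdepth 1 -type f -name '*[|&;<>$`]*'
}

demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        name='log|echo INJECTED'      # constructed file name, harmless payload
        printf 'error one\nok\nerror two\n' > "$name"
        # The unsafe wrapper runs "echo INJECTED" instead of counting matches.
        printf 'unsafe: %s\n' "$(count_unsafe error "$name" 2>/dev/null)"
        # The safe wrapper treats the whole name as a file and counts 2 lines.
        printf 'safe:   %s\n' "$(count_safe error "$name")"
        printf 'flagged: %s\n' "$(suspicious_names .)"
    )
    rm -rf "$dir"
}

demo
```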


An Apache 2 update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-160-1 August 04, 2005
apache2 vulnerabilities
CAN-2005-1268, CAN-2005-2088
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker

The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.3 (for Ubuntu 4.10), or 2.0.53-5ubuntu5.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.


Updated Mozilla Thunderbird Enigmail plugin packages are available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-157-2 August 02, 2005
updated enigmail
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mozilla-thunderbird-enigmail

The problem can be corrected by upgrading the affected package to version 2:0.92-1ubuntu04.10.1. In general, a standard system upgrade is sufficient to effect the necessary changes.


An unzip security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-159-1 August 01, 2005
unzip vulnerability
CAN-2005-0602
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

unzip

The problem can be corrected by upgrading the affected package to version 5.51-2ubuntu0.1 (for Ubuntu 4.10), or 5.51-2ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.


A gzip utility security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-158-1 August 01, 2005
gzip vulnerability
CAN-2005-0758
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gzip

The problem can be corrected by upgrading the affected package to version 1.3.5-9ubuntu3.3 (for Ubuntu 4.10), or 1.3.5-9ubuntu3.4 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.


A Mozilla Thunderbird security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-157-1 August 01, 2005
mozilla-thunderbird vulnerabilities
CAN-2005-0989, CAN-2005-1159, CAN-2005-1160, CAN-2005-1532,
CAN-2005-2261, CAN-2005-2265, CAN-2005-2269, CAN-2005-2270,
CAN-2005-2353
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-thunderbird
mozilla-thunderbird-enigmail

The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu04.10 (for Ubuntu 4.10), or 1.0.6-0ubuntu05.04 (for Ubuntu 5.04). You need to restart Thunderbird after a standard system upgrade to effect the necessary changes.


A TIFF update has been released for Ubuntu Linux 4.10 and 5.04

==========================================================
Ubuntu Security Notice USN-156-1 July 29, 2005
tiff vulnerability
https://bugzilla.ubuntu.com/show_bug.cgi?id=12008
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libtiff4

The problem can be corrected by upgrading the affected package to version 3.6.1-1.1ubuntu1.4 (for Ubuntu 4.10), or 3.6.1-5ubuntu0.2 (for Ubuntu 5.04). After a standard system upgrade you need to restart your CUPS server with

sudo /etc/init.d/cupsys restart

to effect the necessary changes.


A Mozilla security update has been released for Ubuntu Linux

===========================================================
Ubuntu Security Notice USN-155-1 July 26, 2005
mozilla vulnerabilities
CAN-2005-1531, CAN-2005-1532, CAN-2005-1937, CAN-2005-2260,
CAN-2005-2261, CAN-2005-2263, CAN-2005-2265, CAN-2005-2266,
CAN-2005-2268, CAN-2005-2269, CAN-2005-2270
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-browser
mozilla-mailnews

The problem can be corrected by upgrading the affected package to version 2:1.7.10-0ubuntu04.10 (for Ubuntu 4.10), or 2:1.7.10-0ubuntu05.04 (for Ubuntu 5.04). After a standard system upgrade you need to restart Mozilla to effect the necessary changes.


Updated Epiphany packages are available for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-155-2 July 28, 2005
epiphany-browser regressions
https://bugzilla.ubuntu.com/show_bug.cgi?id=13041
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

epiphany-browser

The problem can be corrected by upgrading the affected package to version 1.4.4-0ubuntu2.1. After a standard system upgrade you need to restart Epiphany to effect the necessary changes.


An Ubuntu 4.10 update for the Firefox vulnerabilities has been released

==========================================================
Ubuntu Security Notice USN-149-3 July 28, 2005
mozilla-firefox vulnerabilities
CAN-2004-1156, CAN-2004-1381, CAN-2005-0141, CAN-2005-0142,
CAN-2005-0143, CAN-2005-0144, CAN-2005-0145, CAN-2005-0146,
CAN-2005-0147, CAN-2005-0150, CAN-2005-0230, CAN-2005-0231,
CAN-2005-0232, CAN-2005-0233, CAN-2005-0255, CAN-2005-0399,
CAN-2005-0401, CAN-2005-0402, CAN-2005-0578, CAN-2005-0584,
CAN-2005-0585, CAN-2005-0586, CAN-2005-0587, CAN-2005-0588,
CAN-2005-0589, CAN-2005-0590, CAN-2005-0591, CAN-2005-0592,
CAN-2005-0593, CAN-2005-0752, CAN-2005-0989, CAN-2005-1153,
CAN-2005-1154, CAN-2005-1155, CAN-2005-1156, CAN-2005-1157,
CAN-2005-1158, CAN-2005-1159, CAN-2005-1160, CAN-2005-1531,
CAN-2005-1532, CAN-2005-1937, CAN-2005-2260, CAN-2005-2261,
CAN-2005-2262, CAN-2005-2263, CAN-2005-2264, CAN-2005-2265,
CAN-2005-2266, CAN-2005-2267, CAN-2005-2268, CAN-2005-2269,
CAN-2005-2270
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

mozilla-firefox
mozilla-firefox-locale-ca
mozilla-firefox-locale-de
mozilla-firefox-locale-es
mozilla-firefox-locale-fr
mozilla-firefox-locale-it
mozilla-firefox-locale-ja
mozilla-firefox-locale-nb
mozilla-firefox-locale-pl
mozilla-firefox-locale-tr
mozilla-firefox-locale-uk

The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu0.0.1 (mozilla-firefox) and 1.0.6-0ubuntu0.1 (mozilla-firefox-locale-... packages).

Please note that the new version does not work with the already existing translation packages (mozilla-firefox-locale-...). New packages have been provided which are compatible to the new Firefox version of this security update, so they need to be upgraded as well (a standard system upgrade will take care of this).

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

We apologize for the huge delay of this update; we changed our update strategy for Mozilla products to make sure that such long delays will not happen again.


A vim security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-154-1 July 26, 2005
vim vulnerability
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kvim
kvim-perl
kvim-python
kvim-tcl
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl

The problem can be corrected by upgrading the affected package to version 1:6.3-025+1ubuntu2.3 (for Ubuntu 4.10), or 1:6.3-046+1ubuntu7.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.


A fetchmail update is available for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-153-1 July 26, 2005
fetchmail vulnerability
CAN-2005-2335
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

fetchmail

The problem can be corrected by upgrading the affected package to version 6.2.5-8ubuntu2.1 (for Ubuntu 4.10), or 6.2.5-12ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.


Fixed Firefox packages are available for Ubuntu Linux 5.04

==========================================================
Ubuntu Security Notice USN-149-2 July 25, 2005
mozilla-firefox regressions
Ubuntu bugs #10681, #12854, #12882
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-firefox
mozilla-firefox-gnome-support

The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu0.1. After performing a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

USN-149-1 fixed several vulnerabilities in the Firefox web browser. Unfortunately that update introduced a lot of regressions, especially when using extensions, so another update is necessary. The new packages ship Firefox version 1.0.6 which should now work well with most extensions (one known exception is the package "mozilla-tabextensions").

We apologize for the inconvenience.


A zlib update has been released for Ubuntu Linux

===========================================================
Ubuntu Security Notice USN-151-2 July 22, 2005
dpkg, ia32-libs, amd64-libs vulnerabilities
CAN-2005-1849, CAN-2005-2096
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

amd64-libs
amd64-libs-dev
dpkg
dpkg-dev
dselect
ia32-libs
ia32-libs-dev

On Ubuntu 4.10, the problem can be corrected by upgrading the affected package to version 0.5ubuntu2.1 (ia32-libs and ia32-libs-dev), 1.0ubuntu3.1 (amd64-libs and amd64-libs-dev), and 1.10.22ubuntu2.1 (dpkg, dpkg-dev, dpkg-doc and dselect).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected package to version 0.5ubuntu3.1 (ia32-libs and ia32-libs-dev), 1.1ubuntu0.1 (amd64-libs and amd64-libs-dev), and 1.10.27ubuntu1.1 (dpkg, dpkg-dev, dpkg-doc and dselect).

In general, a standard system upgrade is sufficient to effect the necessary changes.


Dear Hoary users,

yesterday a security update for Mozilla Firefox was released (USN-149-1). Many users seem to have problems with the new version, it crashes very often.

The problem is that one of the security patches changed the API (the interface that extensions use to integrate with the browser), which breaks many extensions. Similar problems happen with the upstream release 1.0.6, so using that does not help very much.

To get a usable browser quickly, you have two options:

1) Uninstall extensions. Some extensions (like mozilla-tabextension, which is also packaged in Ubuntu universe) that rely on the old interface cause the browser to crash. Other extensions (like AdBlock) run fine.

or

2) Downgrade to the Hoary version:

sudo apt-get install mozilla-firefox=1.0.2-0ubuntu5 mozilla-firefox-gnome-support=1.0.2-0ubuntu5

However, this will expose you to a lot of vulnerabilities.

This issue is also tracked in Bugzilla:

https://bugzilla.ubuntu.com/show_bug.cgi?id=12854

We will continue to track this issue and try to find a long term solution.

We apologize for the inconvenience,

Martin Pitt
Ubuntu Security Team leader


A PAM/NSS LDAP update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-152-1 July 21, 2005
openldap2, libpam-ldap, libnss-ldap vulnerabilities
CAN-2005-2069
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libnss-ldap
libpam-ldap
slapd

On Ubuntu 4.10, the problem can be corrected by upgrading the affected packages to version 2.1.30-2ubuntu4.1 (slapd), 164-2ubuntu0.1 (libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected packages to version 2.1.30-3ubuntu3.1 (slapd), 169-1ubuntu0.1 (libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap).

In general, a standard system upgrade is sufficient to effect the necessary changes.

(Please note that libnss-ldap and libpam-ldap are not officially supported by Ubuntu, they are in the "universe" suite of the archive.)


A zlib security update has been released for Ubuntu Linux

===========================================================
Ubuntu Security Notice USN-151-1 July 21, 2005
zlib vulnerability
CAN-2005-1849
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

zlib1g

The problem can be corrected by upgrading the affected package to version 1:1.2.1.1-3ubuntu1.2 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.2 (for Ubuntu 5.04).


A KDE library update has been released for Ubuntu Linux 5.04

==========================================================
Ubuntu Security Notice USN-150-1 July 21, 2005
kdelibs vulnerability
CAN-2005-1920
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdelibs4

The problem can be corrected by upgrading the affected package to version 4:3.4.0-0ubuntu3.3. In general, a standard system upgrade is sufficient to effect the necessary changes.


A Firefox security update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-149-1 July 21, 2005
mozilla-firefox vulnerabilities
CAN-2005-1937, CAN-2005-2260, CAN-2005-2261, CAN-2005-2263,
CAN-2005-2264, CAN-2005-2265, CAN-2005-2266, CAN-2005-2267,
CAN-2005-2268, CAN-2005-2269, CAN-2005-2270
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-firefox

The problem can be corrected by upgrading the affected package to version 1.0.2-0ubuntu5.4. After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Please note that the Ubuntu 4.10 version is also affected; an upgrade is in preparation.