A fetchmail update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-153-1 July 26, 2005
fetchmail vulnerability
CAN-2005-2335
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
fetchmail
The problem can be corrected by upgrading the affected package to version 6.2.5-8ubuntu2.1 (for Ubuntu 4.10), or 6.2.5-12ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
Fixed Firefox packages are available for Ubuntu Linux 5.04
==========================================================
Ubuntu Security Notice USN-149-2 July 25, 2005
mozilla-firefox regressions
Ubuntu bugs #10681, #12854, #12882
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
mozilla-firefox
mozilla-firefox-gnome-support
The problem can be corrected by upgrading the affected package to version 1.0.6-0ubuntu0.1. After performing a standard system upgrade you need to restart Firefox to effect the necessary changes.
Details follow:
USN-149-1 fixed several vulnerabilities in the Firefox web browser. Unfortunately that update introduced a lot of regressions, especially when using extensions, so another update is necessary. The new packages ship Firefox version 1.0.6 which should now work well with most extensions (one known exception is the package "mozilla-tabextensions").
We apologize for the inconvenience.
A zlib update has been released for Ubuntu Linux
===========================================================
Ubuntu Security Notice USN-151-2 July 22, 2005
dpkg, ia32-libs, amd64-libs vulnerabilities
CAN-2005-1849, CAN-2005-2096
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
amd64-libs
amd64-libs-dev
dpkg
dpkg-dev
dselect
ia32-libs
ia32-libs-dev
On Ubuntu 4.10, the problem can be corrected by upgrading the affected package to version 0.5ubuntu2.1 (ia32-libs and ia32-libs-dev), 1.0ubuntu3.1 (amd64-libs and amd64-libs-dev), and 1.10.22ubuntu2.1 (dpkg, dpkg-dev, dpkg-doc and dselect).
On Ubuntu 5.04, the problem can be corrected by upgrading the affected package to version 0.5ubuntu3.1 (ia32-libs and ia32-libs-dev), 1.1ubuntu0.1 (amd64-libs and amd64-libs-dev), and 1.10.27ubuntu1.1 (dpkg, dpkg-dev, dpkg-doc and dselect).
In general, a standard system upgrade is sufficient to effect the necessary changes.
Dear Hoary users,
yesterday a security update for Mozilla Firefox was relased (USN-149-1). Many users seem to have problems with the new version, it crashes very often.
The problem is that one of the security patches changed the API (the interface that extensions use to integrate with the browser), which breaks many extensions. Similar problems happen with the upstream release 1.0.6, so using that does not help very much.
To get an usable browser quickly, you have two options:
1) Uninstall extensions. Some extensions (like mozilla-tabextension, which is also packaged in Ubuntu universe) that rely on the old interface cause the browser to crash. Other extensions (like AdBlock) run fine.
or
2) Downgrade to the Hoary version:
sudo apt-get install mozilla-firefox=1.0.2-0ubuntu5 mozilla-firefox-gnome-support=1.0.2-0ubuntu5
However, this will expose you to a lot of vulnerabilities.
This issue is also tracked in Bugzilla:
https://bugzilla.ubuntu.com/show_bug.cgi?id=12854We will continue to track this issue and try to find a long term solution.
We apologize for the inconvenience,
Martin Pitt
Ubuntu Security Team leader
A PAM/NSS LDAP update has been released for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-152-1 July 21, 2005
openldap2, libpam-ldap, libnss-ldap vulnerabilities
CAN-2005-2069
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libnss-ldap
libpam-ldap
slapd
On Ubuntu 4.10, the problem can be corrected by upgrading the affected packages to version 2.1.30-2ubuntu4.1 (slapd), 164-2ubuntu0.1 (libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap).
On Ubuntu 5.04, the problem can be corrected by upgrading the affected packages to version 2.1.30-3ubuntu3.1 (slapd), 169-1ubuntu0.1 (libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap).
In general, a standard system upgrade is sufficient to effect the necessary changes.
(Please note that libnss-ldap and libpam-ldap are not officially supported by Ubuntu, they are in the "universe" suite of the archive.)
A zlib security update has been released for Ubuntu Linux
===========================================================
Ubuntu Security Notice USN-151-1 July 21, 2005
zlib vulnerability
CAN-2005-1849
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
zlib1g
The problem can be corrected by upgrading the affected package to version 1:1.2.1.1-3ubuntu1.2 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.2 (for Ubuntu 5.04).
A KDE library has been released for Ubuntu Linux 5.04
==========================================================
Ubuntu Security Notice USN-150-1 July 21, 2005
kdelibs vulnerability
CAN-2005-1920
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
kdelibs4
The problem can be corrected by upgrading the affected package to version 4:3.4.0-0ubuntu3.3. In general, a standard system upgrade is sufficient to effect the necessary changes.
A Firefox security update has been released for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-149-1 July 21, 2005
mozilla-firefox vulnerabilities
CAN-2005-1937, CAN-2005-2260, CAN-2005-2261, CAN-2005-2263,
CAN-2005-2264, CAN-2005-2265, CAN-2005-2266, CAN-2005-2267,
CAN-2005-2268, CAN-2005-2269, CAN-2005-2270
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
mozilla-firefox
The problem can be corrected by upgrading the affected package to version 1.0.2-0ubuntu5.4. After a standard system upgrade you need to restart Firefox to effect the necessary changes.
Please note that the Ubuntu 4.10 version is also affected; an upgrade is in preparation.
An announcement from Benjamin Mako Hill:
Another PEAR update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-147-2 July 06, 2005
php4, php4-universe fixed packages
https://bugzilla.ubuntu.com/show_bug.cgi?id=12426==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
php4-pear
The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.10 (for Ubuntu 4.10), or 4:4.3.10-10ubuntu3.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
A zlib security update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-148-1 July 06, 2005
zlib vulnerability
CAN-2005-2096
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
zlib1g
The problem can be corrected by upgrading the affected package to version 1:1.2.1.1-3ubuntu1.1 (for Ubuntu 4.10), or 1:1.2.2-4ubuntu1.1 (for Ubuntu 5.04). A standard system upgrade is NOT SUFFICIENT to effect the necessary changes! If you can afford to reboot your machine, this is the easiest way to ensure that all services using this library are restarted correctly. If not, please manually restart all server applications.
A PHP XMLRPC security update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-147-1 July 05, 2005
php4, php4-universe vulnerability
CAN-2005-1921
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libapache2-mod-php4
php4-pear
The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.9 (for Ubuntu 4.10), or 4:4.3.10-10ubuntu3.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
A Ruby security update has been released for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-146-1 June 29, 2005
ruby1.8 vulnerability
CAN-2005-1992
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libxmlrpc-ruby1.8
ruby1.8
The problem can be corrected by upgrading the affected package to version 1.8.1+1.8.2pre2-3ubuntu0.2 (for Ubuntu 4.10), or 1.8.1+1.8.2pre4-1ubuntu0.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes; however, if you run custom XMLRPC servers implemented in Ruby, you have to restart them.
A wget security update is available for Ubuntu Linux
===========================================================
Ubuntu Security Notice USN-145-1 June 28, 2005
wget vulnerabilities
CAN-2004-1487, CAN-2004-1488, CAN-2004-2014
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
wget
The problem can be corrected by upgrading the affected package to version 1.9.1-4ubuntu0.1 (for Ubuntu 4.10), or 1.9.1-10ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
A dbus security update is available for Ubuntu 4.10
==========================================================
Ubuntu Security Notice USN-144-1 June 27, 2005
dbus vulnerability
CAN-2005-0201
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
dbus-1
The problem can be corrected by upgrading the affected package to version 0.22-1ubuntu2.1. You have to restart your Gnome session (i.e. log out and back in) after doing a standard system upgrade to effect the necessary changes.
A tcpdump update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-141-1 June 21, 2005
tcpdump vulnerability
CAN-2005-1267
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
tcpdump
The problem can be corrected by upgrading the affected package to version 3.8.3-3ubuntu0.3 (for Ubuntu 4.10), or 3.8.3-3ubuntu0.4 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
A sudo update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-142-1 June 21, 2005
sudo vulnerability
CAN-2005-1993
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
sudo
The problem can be corrected by upgrading the affected package to version 1.6.7p5-1ubuntu4.2 (for Ubuntu 4.10), or 1.6.8p5-1ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
Gaim security updates are available for Ubuntu Linux 4.10 and 5.04
==========================================================
Ubuntu Security Notice USN-140-1 June 15, 2005
gaim vulnerability
CAN-2005-1934
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gaim
The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.6 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.3 (for Ubuntu 5.04). After doing a standard system upgrade you need to restart Gaim to effect the necessary changes.
Gaim security update are available for Ubuntu Linux 4.10 and 5.04
=========================================================
Ubuntu Security Notice USN-139-1 June 10, 2005
gaim vulnerability
CAN-2005-1269
=========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gaim
The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.5 (for Ubuntu 4.10) and 1:1.1.4-1ubuntu4.2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
gedit security updates are available for Ubuntu Linux 4.10 and 5.04
==========================================================
Ubuntu Security Notice USN-138-1 June 09, 2005
gedit vulnerability
CAN-2005-1686
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gedit
The problem can be corrected by upgrading the affected package to version 2.8.1-0ubuntu1.1 (for Ubuntu 4.10) and 2.10.2-0ubuntu2 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
