New Squid packages are available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-84-1 February 21, 2005
squid vulnerabilities
CAN-2005-0194, CAN-2005-0446
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
squid
The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.5. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
When parsing the configuration file, squid interpreted empty Access Control Lists (ACLs) without defined authentication schemes in a non-obvious way. This could allow remote attackers to bypass intended ACLs. (CAN-2005-0194)
A remote Denial of Service vulnerability was discovered in the domain name resolution code. A faulty or malicious DNS server could stop the Squid server immediately by sending a malformed IP address. (CAN-2005-0446)
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5.diff.gz
Size/MD5: 273103 b227505fff84a15f636d1a40ef894a59
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5.dsc
Size/MD5: 652 03dda2b1794bee143c7bb2c907177dec
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.5_all.deb
Size/MD5: 190542 18ac376117476528d04ecf34c39605c5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.5_amd64.deb
Size/MD5: 89972 6c0d1ca2955e65c617a0ffb9835fb7d0
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5_amd64.deb
Size/MD5: 812832 c4ae1fa8c10241c975be5a5ae713d259
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.5_amd64.deb
Size/MD5: 71320 6426cdd50abe26ff32430f10384f98b6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.5_i386.deb
Size/MD5: 88484 048eee3bff6f8c1c2a27c422d8d02878
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5_i386.deb
Size/MD5: 728800 86015fa3f0e70ca114d50600779a5218
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.5_i386.deb
Size/MD5: 70052 fa490312c320b567d0a2ab9aa86516a9
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.5_powerpc.deb
Size/MD5: 89398 69752585a510d3e5fd35f3855d316354
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5_powerpc.deb
Size/MD5: 796142 ce07df2197a74e4da2325e39e153b38a
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.5_powerpc.deb
Size/MD5: 70814 1074527b3d8dc744aa1b128713c902ba
Ryan Thiessen has published a review of Ubuntu Hoary Array-5 LiveCD
The fifth Ubuntu Hoary Array CD has been released. This release is for testing purpose only.
A PHP security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-66-2 February 17, 2005
php4 vulnerability
http://www.securitytracker.com/alerts/2004/Oct/1011984.html
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4-cgi
php4-curl
The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
A LessTif 2 security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-83-1 February 16, 2005
lesstif1-1 vulnerabilities
CAN-2004-0914
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
lesstif2
The problem can be corrected by upgrading the affected package to version 1:0.93.94-4ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
Updated Linux Kernel packages are available for Ubuntu Linux 4.10
===========================================================
Ubuntu Security Notice USN-82-1 February 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0176, CAN-2005-0177, CAN-2005-0178
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-source-2.6.8.1
The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.11. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes.
ATTENTION: Due to an unavoidable ABI change this kernel got a new version number, which requires to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version.
An iptables update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-81-1 February 11, 2005
iptables vulnerability
CAN-2004-0986
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
iptables
The problem can be corrected by upgrading the affected package to version 1.2.9-10ubuntu0.1. After a standard system upgrade you have to restart your firewall to ensure that the necessary changes take effect.
A mod_python security update is available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-80-1 February 11, 2005
libapache2-mod-python vulnerabilities
CAN-2005-0088
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-python2.2
libapache2-mod-python2.3
The problem can be corrected by upgrading the affected package to version 3.1.3-1ubuntu3.2. After a standard system upgrade you need to restart the Apache 2 web server using
sudo /etc/init.d/apache2 restart
to effect the necessary changes.
New PostgreSQL packages are available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-79-1 February 10, 2005
postgresql vulnerabilities
CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
postgresql
postgresql-contrib
The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
OSDir has posted a screnshot slideshow of the Ubuntu Linux 5.04 Array-4 CD
A Mailman security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-78-1 February 09, 2005
mailman vulnerabilities
CAN-2005-0202
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mailman
The problem can be corrected by upgrading the affected package to version 2.1.5-1ubuntu2.3. In general, a standard system upgrade is sufficient to effect the necessary changes.
OSNews has posted a review on Ubuntu Linux 4.10
A Squid security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-77-1 February 07, 2005
squid vulnerabilities
CAN-2005-0173, CAN-2005-0174, CAN-2005-0175, CAN-2005-0211
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
squid
The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
An Emacs security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-76-1 February 07, 2005
emacs21 vulnerability
CAN-2005-0100
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
emacs21-bin-common
The problem can be corrected by upgrading the affected package to version 21.3+1-5ubuntu4.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
A fourth Ubuntu Linux Hoary Hedgehog pre-release CD has been released. Hoary Hedgehog is the next Ubuntu Linux release which is planned for April 2005. This is a developer snapshot for testing purpose only.
A cpio security update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-75-1 February 04, 2005
cpio vulnerability
CAN-1999-1572
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
cpio
The problem can be corrected by upgrading the affected package to version 2.5-1.1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
A Postfix security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-74-1 February 04, 2005
postfix vulnerability
http://bugs.debian.org/267837
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
postfix
The problem can be corrected by upgrading the affected package to version 2.1.3-1ubuntu17.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
A Python security update is available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-73-1 February 03, 2005
python2.2, python2.3 vulnerability
CAN-2005-0089
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
python2.2
python2.3
The problem can be corrected by upgrading the affected package to version 2.2.3-10ubuntu0.1 (python2.2) and 2.3.4-2ubuntu0.1 (python2.3). After a standard system upgrade you must restart all running Python server applications that use XML-RPC to effect the necessary changes.
A Perl security update has been released for Ubuntu Linux 4.10
===========================================================
Ubuntu Security Notice USN-72-1 February 02, 2005
perl vulnerabilities
CAN-2005-0155, CAN-2005-0156
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
perl
The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.3. In general, a standard system upgrade is sufficient to effect the necessary changes.
A PostgreSQL security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-71-1 February 01, 2005
postgresql vulnerability
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
postgresql
The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
