Ubuntu Hoary Array CD 6 is now available, after a short delay due an outage at their data center:
Array CD 6 is ready. This is the sixth in a series of milestone CD images, released when they're known to be reasonably free of showstopper CD-build or installer bugs, while representing very current snapshots of Hoary. You can download it here:
http://cdimage.ubuntu.com/releases/hoary/array-6/See
http://www.ubuntu.com/wiki/Archive for access instructions.
Pre-release versions of Hoary are *not* encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional breakage. They *are* recommended for Ubuntu developers and those who want to help in testing, reporting, and fixing bugs.
An Imagemagick security update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-90-1 March 03, 2005
imagemagick vulnerability
CAN-2005-0397
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
imagemagick
libmagick6
The problem can be corrected by upgrading the affected package to version 5:6.0.2.5-1ubuntu1.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
A Cyrus IMAP server security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-87-1 February 28, 2005
cyrus21-imapd vulnerability
CAN-2005-0546
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
cyrus21-imapd
The problem can be corrected by upgrading the affected package to version 2.1.16-6ubuntu0.3. In general, a standard system upgrade is sufficient to effect the necessary changes.
An updated reportbug package has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-88-1 February 28, 2005
reportbug information disclosure
https://bugzilla.ubuntulinux.org/6600 https://bugzilla.ubuntulinux.org/6717==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
reportbug
The problem can be corrected by upgrading the affected package to version 2.62ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. However, if your users already have ~/.reportbugrc files with SMTP passwords, you need to manually change their permissions with
chmod 600 .reportbugrc
A XML library security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-89-1 February 28, 2005
libxml vulnerabilities
CAN-2004-0989
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libxml1
The problem can be corrected by upgrading the affected package to version 1:1.8.17-8ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
A cURL security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-86-1 February 28, 2005
curl vulnerability
CAN-2005-0940
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libcurl2
libcurl2-gssapi
The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
Canonical is proud to announce the second conference around the Ubuntu conference.
Without further ado, here are the essential details on the next get together:
--> What: Ubuntu Down Under
--> Where: Sydney, Australia
--> When: 25 - 30 April 2005 (arrive on 24th, depart on 1st)
--> Who: Open to the Public
Open to the public means that everyone is welcome to come, and that means you too. That said, we are asking that people tell us they are coming. You can find information on doing this on the page linked below.
There's not a huge amount of information online yet but everything we do have is here or linked from here:
http://www.ubuntulinux.org/wiki/UbuntuDownUnderAs we get more information, we will be updating that page.
Like last time, there is a limited amount of money for sponsorship. Anyone is welcome to apply for sponsorship although we will give preference to people who are active, visible, and known in the community and who are from the general geographical area. Since Canonical conferences move around the world but clearly can't be everywhere, the general geographical area in this case extends to much of East, Southeast, and South of Asia and to Australasia, and the Pacific. More information on sponsorship is in the conference page. All requests for sponsorship must be made no later than March 13th.
Updated Gaim packages are available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-85-1 February 25, 2005
gaim vulnerabilities
CAN-2005-0208, CAN-2005-0472, CAN-2005-0473
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
gaim
The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
New Squid packages are available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-84-1 February 21, 2005
squid vulnerabilities
CAN-2005-0194, CAN-2005-0446
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
squid
The problem can be corrected by upgrading the affected package to version 2.5.5-6ubuntu0.5. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
When parsing the configuration file, squid interpreted empty Access Control Lists (ACLs) without defined authentication schemes in a non-obvious way. This could allow remote attackers to bypass intended ACLs. (CAN-2005-0194)
A remote Denial of Service vulnerability was discovered in the domain name resolution code. A faulty or malicious DNS server could stop the Squid server immediately by sending a malformed IP address. (CAN-2005-0446)
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5.diff.gz
Size/MD5: 273103 b227505fff84a15f636d1a40ef894a59
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5.dsc
Size/MD5: 652 03dda2b1794bee143c7bb2c907177dec
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
Size/MD5: 1363967 6c7f3175b5fa04ab5ee68ce752e7b500
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.5_all.deb
Size/MD5: 190542 18ac376117476528d04ecf34c39605c5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.5_amd64.deb
Size/MD5: 89972 6c0d1ca2955e65c617a0ffb9835fb7d0
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5_amd64.deb
Size/MD5: 812832 c4ae1fa8c10241c975be5a5ae713d259
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.5_amd64.deb
Size/MD5: 71320 6426cdd50abe26ff32430f10384f98b6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.5_i386.deb
Size/MD5: 88484 048eee3bff6f8c1c2a27c422d8d02878
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5_i386.deb
Size/MD5: 728800 86015fa3f0e70ca114d50600779a5218
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.5_i386.deb
Size/MD5: 70052 fa490312c320b567d0a2ab9aa86516a9
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.5_powerpc.deb
Size/MD5: 89398 69752585a510d3e5fd35f3855d316354
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.5_powerpc.deb
Size/MD5: 796142 ce07df2197a74e4da2325e39e153b38a
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.5_powerpc.deb
Size/MD5: 70814 1074527b3d8dc744aa1b128713c902ba
Ryan Thiessen has published a review of Ubuntu Hoary Array-5 LiveCD
The fifth Ubuntu Hoary Array CD has been released. This release is for testing purpose only.
A PHP security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-66-2 February 17, 2005
php4 vulnerability
http://www.securitytracker.com/alerts/2004/Oct/1011984.html
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4-cgi
php4-curl
The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
A LessTif 2 security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-83-1 February 16, 2005
lesstif1-1 vulnerabilities
CAN-2004-0914
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
lesstif2
The problem can be corrected by upgrading the affected package to version 1:0.93.94-4ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
Updated Linux Kernel packages are available for Ubuntu Linux 4.10
===========================================================
Ubuntu Security Notice USN-82-1 February 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0176, CAN-2005-0177, CAN-2005-0178
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-source-2.6.8.1
The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.11. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes.
ATTENTION: Due to an unavoidable ABI change this kernel got a new version number, which requires to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version.
An iptables update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-81-1 February 11, 2005
iptables vulnerability
CAN-2004-0986
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
iptables
The problem can be corrected by upgrading the affected package to version 1.2.9-10ubuntu0.1. After a standard system upgrade you have to restart your firewall to ensure that the necessary changes take effect.
A mod_python security update is available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-80-1 February 11, 2005
libapache2-mod-python vulnerabilities
CAN-2005-0088
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-python2.2
libapache2-mod-python2.3
The problem can be corrected by upgrading the affected package to version 3.1.3-1ubuntu3.2. After a standard system upgrade you need to restart the Apache 2 web server using
sudo /etc/init.d/apache2 restart
to effect the necessary changes.
New PostgreSQL packages are available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-79-1 February 10, 2005
postgresql vulnerabilities
CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
postgresql
postgresql-contrib
The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
OSDir has posted a screnshot slideshow of the Ubuntu Linux 5.04 Array-4 CD
A Mailman security update has been released for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-78-1 February 09, 2005
mailman vulnerabilities
CAN-2005-0202
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
mailman
The problem can be corrected by upgrading the affected package to version 2.1.5-1ubuntu2.3. In general, a standard system upgrade is sufficient to effect the necessary changes.
OSNews has posted a review on Ubuntu Linux 4.10
