===========================================================
Ubuntu Security Notice USN-841-1 October 05, 2009
glib2.0 vulnerability
CVE-2009-3289
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libglib2.0-0 2.16.6-0ubuntu1.2

Ubuntu 8.10:
libglib2.0-0 2.18.2-0ubuntu2.2

Ubuntu 9.04:
libglib2.0-0 2.20.1-0ubuntu2.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Arand Nash discovered that applications linked to GLib (e.g. Nautilus)
did not correctly copy symlinks. If a user copied symlinks with GLib,
the symlink target files would become world-writable, allowing local
attackers to gain access to potentially sensitive information.

===========================================================
Ubuntu Security Notice USN-840-1 October 01, 2009
openoffice.org vulnerabilities
CVE-2009-0200, CVE-2009-0201, CVE-2009-2139
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
openoffice.org-core 1:2.4.1-1ubuntu2.2

Ubuntu 8.10:
openoffice.org-core 1:2.4.1-11ubuntu2.2

Ubuntu 9.04:
openoffice.org-core 1:3.0.1-9ubuntu3.1

After a standard system upgrade you need to restart OpenOffice.org to
effect the necessary changes.

Details follow:

Dyon Balding discovered flaws in the way OpenOffice.org handled tables. If
a user were tricked into opening a specially crafted Word document, a
remote attacker might be able to execute arbitrary code with user
privileges. (CVE-2009-0200, CVE-2009-0201)

A memory overflow flaw was discovered in OpenOffice.org’s handling of EMF
files. If a user were tricked into opening a specially crafted document, a
remote attacker might be able to execute arbitrary code with user
privileges. (CVE-2009-2139)

===========================================================
Ubuntu Security Notice USN-839-1 October 01, 2009
samba vulnerabilities
CVE-2009-1886, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906,
CVE-2009-2948
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
samba 3.0.22-1ubuntu3.9
smbfs 3.0.22-1ubuntu3.9

Ubuntu 8.04 LTS:
samba 3.0.28a-1ubuntu4.9
smbfs 3.0.28a-1ubuntu4.9

Ubuntu 8.10:
samba 2:3.2.3-1ubuntu3.6
smbclient 2:3.2.3-1ubuntu3.6
smbfs 2:3.2.3-1ubuntu3.6

Ubuntu 9.04:
samba 2:3.3.2-1ubuntu3.2
smbfs 2:3.3.2-1ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

J. David Hester discovered that Samba incorrectly handled users that lack
home directories when the automated [homes] share is enabled. An
authenticated user could connect to that share name and gain access to the
whole filesystem. (CVE-2009-2813)

Tim Prouty discovered that the smbd daemon in Samba incorrectly handled
certain unexpected network replies. A remote attacker could send malicious
replies to the server and cause smbd to use all available CPU, leading to a
denial of service. (CVE-2009-2906)

Ronald Volgers discovered that the mount.cifs utility, when installed as a
setuid program, would not verify user permissions before opening a
credentials file. A local user could exploit this to use or read the
contents of unauthorized credential files. (CVE-2009-2948)

Reinhard Nißl discovered that the smbclient utility contained format string
vulnerabilities in its file name handling. Because of security features in
Ubuntu, exploitation of this vulnerability is limited. If a user or
automated system were tricked into processing a specially crafted file
name, smbclient could be made to crash, possibly leading to a denial of
service. This only affected Ubuntu 8.10. (CVE-2009-1886)

Jeremy Allison discovered that the smbd daemon in Samba incorrectly handled
permissions to modify access control lists when dos filemode is enabled. A
remote attacker could exploit this to modify access control lists. This
only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-1886)

===========================================================
Ubuntu Security Notice USN-838-1 September 28, 2009
dovecot vulnerabilities
CVE-2008-4577, CVE-2008-5301, CVE-2009-2632, CVE-2009-3235
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
dovecot-common 1:1.0.10-1ubuntu5.2

Ubuntu 8.10:
dovecot-common 1:1.1.4-0ubuntu1.3

Ubuntu 9.04:
dovecot-common 1:1.1.11-0ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the ACL plugin in Dovecot would incorrectly handle
negative access rights. An attacker could exploit this flaw to access the
Dovecot server, bypassing the intended access restrictions. This only
affected Ubuntu 8.04 LTS. (CVE-2008-4577)

It was discovered that the ManageSieve service in Dovecot incorrectly
handled “..” in script names. A remote attacker could exploit this to read
and modify arbitrary sieve files on the server. This only affected Ubuntu
8.10. (CVE-2008-5301)

It was discovered that the Sieve plugin in Dovecot incorrectly handled
certain sieve scripts. An authenticated user could exploit this with a
crafted sieve script to cause a denial of service or possibly execute
arbitrary code. (CVE-2009-2632, CVE-2009-3235)

===========================================================
Ubuntu Security Notice USN-837-1 September 24, 2009
newt vulnerability
CVE-2009-2905
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libnewt0.51 0.51.6-31ubuntu1.1

Ubuntu 8.04 LTS:
libnewt0.52 0.52.2-11.2ubuntu1.1

Ubuntu 8.10:
libnewt0.52 0.52.2-11.3ubuntu1.1

Ubuntu 9.04:
libnewt0.52 0.52.2-11.3ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Miroslav Lichvar discovered that Newt incorrectly handled rendering in a
text box. An attacker could exploit this and cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program.

===========================================================
Ubuntu Security Notice USN-836-1 September 23, 2009
webkit vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698,
CVE-2009-1711, CVE-2009-1712, CVE-2009-1725
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
libwebkit-1.0-1 1.0.1-2ubuntu0.2
libwebkit-1.0-1-dbg 1.0.1-2ubuntu0.2
libwebkit-dev 1.0.1-2ubuntu0.2

Ubuntu 9.04:
libwebkit-1.0-1 1.0.1-4ubuntu0.1
libwebkit-1.0-1-dbg 1.0.1-4ubuntu0.1
libwebkit-dev 1.0.1-4ubuntu0.1

After a standard system upgrade you need to restart any applications that
use WebKit, such as Epiphany-webkit and Midori, to effect the necessary
changes.

Details follow:

It was discovered that WebKit did not properly handle certain SVGPathList
data structures. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0945)

Several flaws were discovered in the WebKit browser and JavaScript engines.
If a user were tricked into viewing a malicious website, a remote attacker
could cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690,
CVE-2009-1698, CVE-2009-1711, CVE-2009-1725)

It was discovered that WebKit did not prevent the loading of local Java
applets. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-1712)

===========================================================
Ubuntu Security Notice USN-835-1 September 21, 2009
neon, neon27 vulnerabilities
CVE-2008-3746, CVE-2009-2474
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libneon25 0.25.5.dfsg-5ubuntu0.1

Ubuntu 8.04 LTS:
libneon27 0.27.2-1ubuntu0.1
libneon27-gnutls 0.27.2-1ubuntu0.1

Ubuntu 8.10:
libneon27 0.28.2-2ubuntu0.1
libneon27-gnutls 0.28.2-2ubuntu0.1

Ubuntu 9.04:
libneon27 0.28.2-6.1ubuntu0.1
libneon27-gnutls 0.28.2-6.1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Joe Orton discovered that neon did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this
to perform a man in the middle attack to view sensitive information or
alter encrypted communications.

===========================================================
Ubuntu Security Notice USN-834-1 September 21, 2009
postgresql-8.1, postgresql-8.3 vulnerabilities
CVE-2009-3229, CVE-2009-3230, CVE-2009-3231
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
postgresql-8.1 8.1.18-0ubuntu0.6.06

Ubuntu 8.04 LTS:
postgresql-8.3 8.3.8-0ubuntu8.04

Ubuntu 8.10:
postgresql-8.3 8.3.8-0ubuntu8.10

Ubuntu 9.04:
postgresql-8.3 8.3.8-0ubuntu9.04

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that PostgreSQL could be made to unload and reload an
already loaded module by using the LOAD command. A remote authenticated
attacker could exploit this to cause a denial of service. This issue did
not affect Ubuntu 6.06 LTS. (CVE-2009-3229)

Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION
AUTHORIZATION operations were allowed inside security-definer functions. A
remote authenticated attacker could exploit this to escalate privileges
within PostgreSQL. (CVE-2009-3230)

It was discovered that PostgreSQL did not properly perform LDAP
authentication under certain circumstances. When configured to use LDAP
with anonymous binds, a remote attacker could bypass authentication by
supplying an empty password. This issue did not affect Ubuntu 6.06 LTS.
(CVE-2009-3231)

===========================================================
Ubuntu Security Notice USN-833-1 September 18, 2009
kde4libs, kdelibs vulnerability
CVE-2009-2702
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.3

Ubuntu 8.10:
kdelibs4c2a 4:3.5.10-0ubuntu6.2
kdelibs5 4:4.1.4-0ubuntu1~intrepid1.3

Ubuntu 9.04:
kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.2
kdelibs5 4:4.2.2-0ubuntu5.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that KDE did not properly handle certificates with NULL
characters in the Subject Alternative Name field of X.509 certificates. An
attacker could exploit this to perform a man in the middle attack to view
sensitive information or alter encrypted communications.