prioritized Security Updates and fixes. I run a netbook with Ubuntu
10.04 LTS and a notebook with 10.10 and this seems to be the case.
Check this list out.... you may want to join... (Official list)
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
LATEST / SAMPLE
Fwd: [USN-1232-3] X.Org X server vulnerability
-------- Original Message --------
Subject: [USN-1232-3] X.Org X server vulnerability
Date: Thu, 20 Oct 2011 19:19:07 -0400
From: Marc Deslauriers <marc.deslauriers@...>
Reply-To: ubuntu-users@..., Ubuntu Security <security@...>
To: ubuntu-security-announce@...
==========================================================================
Ubuntu Security Notice USN-1232-3
October 20, 2011
xorg-server vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
The X server could be made to crash or run programs as an administrator.
Software Description:
- xorg-server: X.Org X server
Details:
USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was
found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was
released to temporarily disable the problematic security fix. This update
includes a revised fix for CVE-2010-4818.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial or service, or possibly execute arbitrary code
with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-4818)
It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial or service, or possibly read arbitrary data from
the X server process. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-4819)
Vladz discovered that the X server incorrectly handled lock files. A local
attacker could use this flaw to determine if a file existed or not.
(CVE-2011-4028)
Vladz discovered that the X server incorrectly handled setting lock file
permissions. A local attacker could use this flaw to gain read permissions
on arbitrary files and view sensitive information. (CVE-2011-4029)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
xserver-xorg-core 2:1.9.0-0ubuntu7.6
Ubuntu 10.04 LTS:
xserver-xorg-core 2:1.7.6-2ubuntu7.10
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1232-3
http://www.ubuntu.com/usn/usn-1232-1
CVE-2010-4818
Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.9.0-0ubuntu7.6
https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.10
2 of 2 File(s)
On 10/22/2011 05:02 PM, Roy wrote:
> The next LTS will be Perfect Pangolin 12.04 which is due next April. Mark
> Shuttleworth says they will focus on polish, performance and predictability.
> http://www.omgubuntu.co.uk/2011/10/shuttleworth-next-ubuntu-release-to-focus-on-polish-performance-and-predictability/
> So it will not add much in the way of change.
>
> Roy
> Sent by Android device
> On Oct 22, 2011 4:05 PM, "g.linuxducks"<g.linuxducks@gmail.com> wrote:
>
>> This amsers what will be the next LTS (Long Term Support) from Ubuntu
>> after the existing 10.04 LTS....
>>
>> Ubuntu 12.04 LTS will be supported for 5 years
>> Liliputing
>> Canonical has announced that the next "Long Term Support" or LTS version
>> of Ubuntu Linux will receive 5 years of support and maintenance. Up
>> until now, the company only offered 3 years of support for its LTS
>> projects, but the idea is to offer extended ...
>>
>> http://liliputing.com/2011/10/ubuntu-12-04-lts-will-be-supported-for-5-years.html
>>
>>
>>
>> ------------------------------------
>>
>> To unsubscribe from this list, please email
>> LINUX_Newbies-unsubscribe@yahoogroups.com& you will be removed.Yahoo!
>> Groups Links
>>
>>
>>
>>
------------------------------------
To unsubscribe from this list, please email LINUX_Newbies-unsubscribe@yahoogroups.com & you will be removed.Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/LINUX_Newbies/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/LINUX_Newbies/join
(Yahoo! ID required)
<*> To change settings via email:
LINUX_Newbies-digest@yahoogroups.com
LINUX_Newbies-fullfeatured@yahoogroups.com
<*> To unsubscribe from this group, send an email to:
LINUX_Newbies-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
No comments:
Post a Comment