Security Updates and Patches in Ubuntu 11.04 Natty Narwhal.

Summary of Security Items in Ubuntu 11.04 "Natty Narwhal":

  • Version of "host" bundled with bind 9.X
  • Chromium Browser
  • Page Inspector for the Chromium Browser
  • Chromium Browser Language Packages
  • Free Ffmpeg Codecs for Chromium Browser
  • Clients provided with BIND
  • Adobe Flash Player Plugin Installer - transitional package -

Version of "host" bundled with bind 9.X:

Version 1:9.7.3.dfsg-1ubuntu2.2:

  * SECURITY UPDATE: denial of service via specially crafted packet
    - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
      nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
      flag to indicate negative-cache records rather than using rrtype 0.
    - Patch backported from 9.7.3-P3.
    - CVE-2011-2464

This package provides the 'host' program in the form that is bundled with the BIND 9.X sources.


Chromium Browser:

Updates for versions:

12.0.742.91~r87961-0ubuntu0.11.04.1
12.0.742.112~r90304-0ubuntu0.11.04.1

Version 12.0.742.112~r90304-0ubuntu0.11.04.1:

  [ Fabien Tassin <fta@ubuntu.com> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.


Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web.

Chromium serves as a base for Google Chrome, which is Chromium rebranded (name and logo) with very few additions such as usage tracking and an auto-updater system.

This package contains the Chromium browser.


Page Inspector for the Chromium Browser (transitional package):

Version 12.0.742.112~r90304-0ubuntu0.11.04.1:

  [ Fabien Tassin <fta@ubuntu.com> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web.

This package is safe to remove as the inspector has moved into the main chromium-browser package.


Chromium Browser Language Packages:

Version 12.0.742.112~r90304-0ubuntu0.11.04.1:

  [ Fabien Tassin <fta@ubuntu.com> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web.

This package contains language packages for 54 languages: am, ar, bg, bn, ca, cs, da, de, el, en-GB, es, es-419, et, eu, fa, fi, fil, fr, gl, gu, he, hi, hr, hu, id, it, ja, kn, ko, lt, lv, ml, mr, nb, nl, pl, pt-BR, pt-PT, ro, ru, sk, sl, sr, sv, sw, ta, te, th, tr, ug, uk, vi, zh-CN, zh-TW



Free Ffmpeg Codecs for Chromium Browser:

Version 12.0.742.112~r90304-0ubuntu0.11.04.1:

  [ Fabien Tassin <fta@ubuntu.com> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.



Clients provided with BIND:

Version 1:9.7.3.dfsg-1ubuntu2.2:

  * SECURITY UPDATE: denial of service via specially crafted packet
    - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
      nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
      flag to indicate negative-cache records rather than using rrtype 0.
    - Patch backported from 9.7.3-P3.
    - CVE-2011-2464

The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.

BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package delivers various client programs related to DNS that are derived from the BIND source tree.

* dig - query the DNS in various ways
* nslookup - the older way to do it
* nsupdate - perform dynamic updates (See RFC2136)



Adobe Flash Player Plugin Installer - transitional package - :

Version 10.3.181.34ubuntu0.11.04.1:

  * New upstream release 10.3.181.34 (LP: #803761)
    - debian/config, debian/postinst: Updated sha256sums and path.

Downloads and installs the Adobe Flash Player plugin. The Adobe Flash Player plugin supports playing of media and other dynamic content online.

The Adobe Flash Player plugin will work with a range of web browsers, including:

* Firefox
* Chromium
* SeaMonkey
* Iceweasel
* Iceape
* Galeon
* Epiphany
* Konqueror

WARNING: Installing this Ubuntu package causes the Adobe Flash Player plugin to be downloaded from www.adobe.com. The distribution license of the Adobe Flash Player plugin is available at www.adobe.com. Installing this Ubuntu package implies that you have accepted the terms of that license.



About Hugo Repetto
