Showing posts with label ubuntu bulletin. Show all posts

Friday, October 5, 2007

Ubuntu security bulletins (USN-525-1 - libsndfile vulnerabilities)

USN-525-1: libsndfile vulnerabilities
Threat-level (*): Moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
It's recommended that you perform (at least) a standard system upgrade to avoid possible:
  • Remote attacks based on incorrect memory buffer handling in the libsndfile library, with the following consequences:
    • arbitrary code execution with the user's privileges if a specially crafted FLAC file is executed on the attacked system

________
(*) = IMHO = It's just my opinion...

Ubuntu security bulletins (USN-524-1 - OpenOffice vulnerabilities)

USN-524-1: OpenOffice vulnerabilities
Threat-level (*): Moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
It's recommended that you perform (at least) a standard system upgrade to avoid possible:
  • Remote attacks based on an integer overflow in the OpenOffice suite, with the following consequences:
    • arbitrary code execution with the user's privileges

NOTE: OpenOffice needs to be restarted for the changes to be applied.
________
(*) = IMHO = It's just my opinion...

Thursday, October 4, 2007

Ubuntu security bulletins (USN-523-1 - ImageMagick vulnerabilities)

USN-523-1: ImageMagick vulnerabilities
Threat-level (*): Less-than-moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
It's recommended that you perform (at least) a standard system upgrade to avoid possible:
  • Remote attacks based on flaws in the ImageMagick libraries, with the following consequences:
    • arbitrary code execution with the user's privileges

________
(*) = IMHO = It's just my opinion...

Tuesday, September 25, 2007

Ubuntu security bulletins (USN-518-1 - Kernel vulnerabilities)

USN-518-1: Linux kernel vulnerabilities
Threat-level (*): Moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
It's strongly recommended that you perform (at least) a standard system upgrade to avoid possible:
  • Local attacks based on ptrace routines, with the following consequences:
    • denial of service
  • Local attacks on PowerPC computers, with the following consequences:
    • denial of service
  • Local attacks exploiting a CIFS filesystem vulnerability, with the following consequences:
    • privilege escalation (gain of additional privileges on the local system)
  • Local attacks that exploit some x86_64 kernel vulnerabilities, with the following consequences:
    • privilege escalation (gain of root privileges on the local system)
NOTE: After the upgrade, you must restart your computer for the changes to take effect.

________
(*) = IMHO = It's just my opinion...

Wednesday, September 19, 2007

Ubuntu security bulletins (USN-514-1 - X.org server)

USN-514-1: X.org-related privilege escalation
Threat-level (*): Moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
It's recommended that you perform (at least) a standard upgrade of your system to avoid possible:
  • Exploits based on a bug found in the server core (and in its composite extension), with the following possible consequences:
    • arbitrary code execution with root user privileges
________
(*) = IMHO = It's just my opinion...

Tuesday, September 18, 2007

Ubuntu security bulletins (USN-513-1 - QT libraries)

USN-513-1: QT libraries possible buffer overflows
Threat-level (*): Less-than-moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
Note that the QT3 libraries are used by all KDE3-based applications.
It's recommended that you perform (at least) a standard upgrade of your system to avoid possible:
  • Attacks based on specially crafted UTF-8 strings that can lead to small buffer overflows, with the following possible consequences:
    • arbitrary code execution
    • denial of service
After the upgrade, you need to restart your user session (i.e. log out and then log back in to your system) for the changes to take effect.

________
(*) = IMHO = It's just my opinion...

Monday, August 27, 2007

Ubuntu security bulletins (USN-503-1 - Thunderbird)

USN-503-1: Thunderbird Javascript flaws
Threat-level (*): Less-than-moderate

Affected Ubuntu versions:
  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
Affected Thunderbird version:
  • mozilla-thunderbird 1.5
It's recommended that you perform (at least) a standard upgrade of your system to avoid possible:
  • Attacks based on malicious emails (exploiting Thunderbird Javascript flaws):
    • arbitrary execution of applications placed on the attacked computer, with the privileges of the user who opened the malicious mail
    • execution of arbitrary code with the privileges of the user
________
(*) = IMHO = It's just my opinion...

Sunday, August 26, 2007

Ubuntu security bulletins (USN-499-1 - Apache)

Today I inaugurate a new service: thanks to the Ubuntu Security Notices, I am able to provide an updated list of the Ubuntu vulnerabilities as they are discovered and posted to the ubuntu-security-announce mailing list.
I won't provide every report submitted to this list, but I think I'll select just the more interesting among them.

The first post is for the Apache-aholik ones:

USN-499-1: Apache vulnerabilities
Threat level (*): MODERATE

Affected Ubuntu versions:

  • Ubuntu 6.06 LTS
  • Ubuntu 6.10
  • Ubuntu 7.04
  • (and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu)
It's recommended that you perform (at least) a standard upgrade of your system to avoid possible:
  • XSS attacks (consequences: data/password theft and other minor threats)
  • Denial-of-service attacks
  • Apache signal handling flaws
________
(*) = IMHO = It's just my opinion...