Nuovi aggiornamenti per Ubuntu 9.10 Karmic Koala. Fanno parte del bollettino di sicurezza settimanale rilasciato da Canonical. Insieme agli aggiornamenti ritenuti importanti ci sono altri considerati "raccomandati" e riguardano specificamente programmi installati nel nostro computer.
Come al solito se abbiamo scelto (di default) installarli automaticamente, al miglior "stile windows" comparirà una finestra con gli updates a eseguire semplicemente cliccando su Installa. Se, invece, abbiamo disattivato questa opzione, possiamo sempre installarli mnualmente con sudo apt-get update.
Riguardano:
Come al solito se abbiamo scelto (di default) installarli automaticamente, al miglior "stile windows" comparirà una finestra con gli updates a eseguire semplicemente cliccando su Installa. Se, invece, abbiamo disattivato questa opzione, possiamo sempre installarli mnualmente con sudo apt-get update.
Riguardano:
blind9-host
This package provides the 'host' program in the form that is bundled with the BIND 9.X sources.
This version differs from the one provided in the package called host, which is from NIKHEF, and has a similar but different set of features/options.
Cambiamenti per le versioni:
1:9.6.1.dfsg.P1-3ubuntu0.2
1:9.6.1.dfsg.P1-3ubuntu0.3
Scaricamento dell'elenco dei cambiamenti non riuscito.
Verificare la connessione a Internet.
dnsutils
Cambiamenti per le versioni:
1:9.6.1.dfsg.P1-3ubuntu0.2
1:9.6.1.dfsg.P1-3ubuntu0.3
Versione 1:9.6.1.dfsg.P1-3ubuntu0.3:
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: further fixes backported
from 9.6.1-P3
- CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: fixes backported from
9.6.1-P3
- CVE-2010-0097
Cambiamenti per le versioni:
1:9.6.1.dfsg.P1-3ubuntu0.2
1:9.6.1.dfsg.P1-3ubuntu0.3
Versione 1:9.6.1.dfsg.P1-3ubuntu0.3:
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: further fixes backported
from 9.6.1-P3
- CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: fixes backported from
9.6.1-P3
- CVE-2010-0097
gzip
Cambiamenti per le versioni:
1.3.12-8ubuntu1
1.3.12-8ubuntu1.1
Versione 1.3.12-8ubuntu1.1:
* SECURITY UPDATE: denial of service or possible code execution via
integer underflow
- unlzw.c: prevent integer underflow.
- Patch thanks to Jim Meyering
- CVE-2010-0001
This package provides the standard GNU file compression utilities, which are also the default compression tools for Debian.
They typically operate on files with names ending in '.gz', but can also decompress files ending in '.Z' created with 'compress'.
libbind9-50
Cambiamenti per le versioni:
1:9.6.1.dfsg.P1-3ubuntu0.2
1:9.6.1.dfsg.P1-3ubuntu0.3
Versione 1:9.6.1.dfsg.P1-3ubuntu0.3:
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: further fixes backported
from 9.6.1-P3
- CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: fixes backported from
9.6.1-P3
- CVE-2010-0097
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.
BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org.
This package delivers the libbind9 shared library used by BIND's daemons and clients.
libdns50
Cambiamenti per le versioni:
1:9.6.1.dfsg.P1-3ubuntu0.2
1:9.6.1.dfsg.P1-3ubuntu0.3
Versione 1:9.6.1.dfsg.P1-3ubuntu0.3:
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: further fixes backported
from 9.6.1-P3
- CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: fixes backported from
9.6.1-P3
- CVE-2010-0097
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.
BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org.
This metapackage eases the upgrade path to libdns53.
libdns53
Cambiamenti per le versioni:
1:9.6.1.dfsg.P1-3ubuntu0.2
1:9.6.1.dfsg.P1-3ubuntu0.3
Versione 1:9.6.1.dfsg.P1-3ubuntu0.3:
* SECURITY UPDATE: incorrect cache update from additional section
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: further fixes backported
from 9.6.1-P3
- CVE-2009-4022
* SECURITY UPDATE: incorrect caching of bogus NXDOMAIN responses
- bin/named/query.c, lib/dns/include/dns/{db.h,types.h},
lib/dns/{rbtdb.c,resolver.c,validator.c}: fixes backported from
9.6.1-P3
- CVE-2010-0097
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.
BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org.
This package delivers the libdns shared library used by BIND's daemons and clients.
libexpat1
Cambiamenti per le versioni:
2.0.1-4ubuntu1
2.0.1-4ubuntu1.1
Versione 2.0.1-4ubuntu1.1:
* SECURITY UPDATE: fix DoS via malformed XML
- update lib/xmltok_impl.c to not access beyond end of input string
- CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
- update lib/xmlparse.c to properly recognize the end of a token
- CVE-2009-3560
This package contains the runtime, shared library of expat, the C library for parsing XML.
libexpat1-dev
Cambiamenti per le versioni:
2.0.1-4ubuntu1
2.0.1-4ubuntu1.1
Versione 2.0.1-4ubuntu1.1:
* SECURITY UPDATE: fix DoS via malformed XML
- update lib/xmltok_impl.c to not access beyond end of input string
- CVE-2009-2625
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
- update lib/xmlparse.c to properly recognize the end of a token
- CVE-2009-3560
This package contains the header file and development libraries of expat, the C library for parsing XML.
Expat is a stream oriented XML parser.
This means that you register handlers with the parser prior to starting the parse.
These handlers are called when the parser discovers the associated structures in the document being parsed.
A start tag is an example of the kind of structures for which you may register handlers.
pidgin
Cambiamenti per le versioni:
1:2.6.2-1ubuntu7
1:2.6.2-1ubuntu7.1
Versione 1:2.6.2-1ubuntu7.1:
* SECURITY UPDATE: denial of service via crafted contact list data
- debian/patches/63_security_CVE-2009-3615.patch: validate contact
list structure in libpurple/protocols/oscar/oscar.c.
- CVE-2009-3615
* SECURITY UPDATE: directory traversal via custom smiley request
(LP: #501089)
- debian/patches/64_security_CVE-2010-0013.patch: ignore request for
smileys that don't exist in the image store in
libpurple/protocols/msn/slp.c.
- CVE-2010-0013
This package contains the header file and development libraries of expat, the C library for parsing XML.
Expat is a stream oriented XML parser.
This means that you register handlers with the parser prior to starting the parse.
These handlers are called when the parser discovers the associated structures in the document being parsed.
A start tag is an example of the kind of structures for which you may register handlers.
Se ti è piaciuto l'articolo , iscriviti al feed cliccando sull'immagine sottostante per tenerti sempre aggiornato sui nuovi contenuti del blog:
Nessun commento:
Posta un commento