We all know how important it is to keep the operating system up to date, but it is equally common experience that updates themselves often introduce new bugs.
Ubuntu follows well-defined guidelines for handling this situation.
The cornerstone of the whole approach is that, once a release is out, updates are not made at all unless they address security vulnerabilities or particularly significant bugs.
Indeed, to stabilize the release already during the final phases of development, the entry of new software packages is subject to particularly strict control (a phase known to developers as "Feature Freeze").
The updates listed below are part of the weekly security bulletin released by Canonical and are the first important security updates for the newly released Ubuntu 12.04 Precise Pangolin:
- Rhythmbox Music Player Gobject Introspection Data.
- Alternative JVM for OpenJDK using Cacao.
- Xorg X Server Core Server.
- Plugins for Rhythmbox Music Player.
- Magnatune Plugin for Rhythmbox Music Player.
Rhythmbox Music Player Gobject Introspection Data.
Rhythmbox is a very easy to use music playing and management program which supports a wide range of audio formats (including mp3 and ogg).
This package contains introspection data for the Rhythmbox core support libraries. It can be used to write and execute plugins for rhythmbox in interpreted languages supporting it.
Changes for the versions:
Installed version: 2.96-0ubuntu4
Available version: 2.96-0ubuntu4.1
Version 2.96-0ubuntu4.1:
  * SECURITY UPDATE: fix insecure directory for python module import in
    context plugin
    - debian/patches/CVE-2012-3355.patch: update context plugin to use
      tempfile.mkdtemp() instead of /tmp/context. Patch thanks to
      Andreas Henriksson.
    - CVE-2012-3355
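An added example, not taken from the original post or from the Rhythmbox patch: the changelog entry above replaces the fixed /tmp/context directory with tempfile.mkdtemp(). The sketch below shows the property that change buys, a directory that only the current user can write to before Python imports code from it. The helper names (is_private_dir, make_module_dir, load_cached_module) and the sandbox layout are assumptions constructed for illustration.

```python
import importlib.util
import os
import shutil
import stat
import tempfile

def is_private_dir(path):
    """True only for a real directory we own that nobody else can write to."""
    try:
        st = os.lstat(path)  # lstat: a symlink at this path is not followed
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def make_module_dir(parent=None):
    """Hardened form: unpredictable name, created atomically with mode 0700."""
    return tempfile.mkdtemp(prefix="context-", dir=parent)

def load_cached_module(module_dir, name):
    """Import name.py from module_dir, but only if the directory is private."""
    if not is_private_dir(module_dir):
        raise PermissionError("refusing to import from " + module_dir)
    path = os.path.join(module_dir, name + ".py")
    spec = importlib.util.spec_from_file_location(name, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module

def demo():
    sandbox = tempfile.mkdtemp(prefix="demo-")  # constructed sample layout
    try:
        shared = os.path.join(sandbox, "context")  # stands in for /tmp/context
        os.mkdir(shared)
        os.chmod(shared, 0o777)  # writable by other users, like a dir in /tmp
        link = os.path.join(sandbox, "link")
        os.symlink(shared, link)
        private = make_module_dir(parent=sandbox)
        with open(os.path.join(private, "tmpl.py"), "w") as fh:
            fh.write("VALUE = 42\n")
        return {"shared": is_private_dir(shared),
                "symlink": is_private_dir(link),
                "private": is_private_dir(private),
                "value": load_cached_module(private, "tmpl").VALUE}
    finally:
        shutil.rmtree(sandbox)
```

The same ownership and mode check can be used to audit any fixed path under /tmp that a program imports or executes code from.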
Changes for the versions:
Installed version: 6b24-1.11.1-4ubuntu3
Available version: 6b24-1.11.3-1ubuntu0.12.04.1
Version 6b24-1.11.3-1ubuntu0.12.04.1:
  * SECURITY UPDATE: update to IcedTea 6 1.11.3
    - Security fixes:
      - S7079902, CVE-2012-1711: Refine CORBA data models
      - S7110720: Issue with vm config file loadingIssue with vm
        config file loading
      - S7143606, CVE-2012-1717: File.createTempFile should be improved
        for temporary files created by the platform.
      - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
      - S7143617, CVE-2012-1713: Improve fontmanager layout lookup
        operations
      - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation
        in RMIC
      - S7143872, CVE-2012-1718: Improve certificate extension
        processing
      - S7145239: Finetune package definition restriction
      - S7152811, CVE-2012-1723: Issues in client compiler
      - S7157609, CVE-2012-1724: Issues with loop
      - S7160677: missing else in fix for 7152811
      - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
    - Bug fixes:
      - PR1018: JVM fails due to SEGV during rendering some Unicode
        characters (part of 6886358)
  * Changelog, Makefile.am, aclocal.m4,
    arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp,
    patches/idresolver_fix.patch,
    patches/openjdk/6792400-Avoid_loading_Normalizer_resources.patch:
    drop inline changes, applied upstream
  * debian/patches/atk-wrapper-security.patch: updated
  * Makefile.{am,in}: don't apply patches/jtreg-LastErrorString.patch as
    it causes the testsuite runner to fail.
Alternative JVM for OpenJDK using Cacao.
The package provides an alternative runtime using the Cacao VM and the Cacao Just In Time Compiler (JIT).
This is a somewhat faster alternative than the Zero port on architectures like alpha, armel, m68k, mips, mipsel, powerpc and s390.
The VM is started with the option `-cacao'. See the README.Debian for details.
Changes for the versions:
Installed version: 6b24-1.11.1-4ubuntu3
Available version: 6b24-1.11.3-1ubuntu0.12.04.1
Version 6b24-1.11.3-1ubuntu0.12.04.1:
  * SECURITY UPDATE: update to IcedTea 6 1.11.3
    - Security fixes:
      - S7079902, CVE-2012-1711: Refine CORBA data models
      - S7110720: Issue with vm config file loadingIssue with vm
        config file loading
      - S7143606, CVE-2012-1717: File.createTempFile should be improved
        for temporary files created by the platform.
      - S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement
      - S7143617, CVE-2012-1713: Improve fontmanager layout lookup
        operations
      - S7143851, CVE-2012-1719: Improve IIOP stub and tie generation
        in RMIC
      - S7143872, CVE-2012-1718: Improve certificate extension
        processing
      - S7145239: Finetune package definition restriction
      - S7152811, CVE-2012-1723: Issues in client compiler
      - S7157609, CVE-2012-1724: Issues with loop
      - S7160677: missing else in fix for 7152811
      - S7160757, CVE-2012-1725: Problem with hotspot/runtime_classfile
    - Bug fixes:
      - PR1018: JVM fails due to SEGV during rendering some Unicode
        characters (part of 6886358)
  * Changelog, Makefile.am, aclocal.m4,
    arm_port/hotspot/src/cpu/zero/vm/asm_helper.cpp,
    patches/idresolver_fix.patch,
    patches/openjdk/6792400-Avoid_loading_Normalizer_resources.patch:
    drop inline changes, applied upstream
  * debian/patches/atk-wrapper-security.patch: updated
  * Makefile.{am,in}: don't apply patches/jtreg-LastErrorString.patch as
    it causes the testsuite runner to fail.
The package provides an alternative runtime using the JamVM.
This is a somewhat faster alternative than the Zero port on architectures like armel, mips, mipsel, powerpc.
The VM is started with the option `-jamvm'. See the README.Debian for details.
Xorg X Server Core Server.
The Xorg X server is an X server for several architectures and operating systems, which is derived from the XFree86 4.x series of X servers.
The Xorg server supports most modern graphics hardware from most vendors, and supersedes all XFree86 X servers.
More information about X.Org can be found at: <URL:http://www.X.org>
This package is built from the X.org xserver module.
Changes for the versions:
Installed version: 2:1.11.4-0ubuntu10.2
Available version: 2:1.11.4-0ubuntu10.5
Version 2:1.11.4-0ubuntu10.5:
  * SECURITY UPDATE: do not use input device names in logging format
    strings (LP: #996250):
    - debian/patches/509_log-format-fix.patch: backported upstream changes.
    - CVE-2012-2118
Version 2:1.11.4-0ubuntu10.3:
  [ Maarten Lankhorst ]
  * Add upstream patches for proper device disabling (LP: #1009629)
    - 510-dix-return-early-from-DisableDevice-if-the-device-is.patch
    - 511-dix-move-freeing-the-sprite-into-a-function.patch
    - 512-dix-free-the-sprite-when-disabling-the-device.patch
    - 513-dix-disable-non-sprite-owners-first-when-disabling-p.patch
    - 514-Xi-drop-forced-unpairing-when-changing-the-hierarchy.patch
    - 515-dix-disable-all-devices-before-shutdown.patch
Plugins for Rhythmbox Music Player.
Rhythmbox is a very easy to use music playing and management program which supports a wide range of audio formats (including mp3 and ogg). Originally inspired by Apple's iTunes, the current version also supports Internet Radio, iPod integration and generic portable audio player support, Audio CD burning, Audio CD playback, music sharing, and Podcasts.
This package contains the following plugins:
* Cover art
* Last.fm
* Context Panel
* DAAP Music Sharing
* FM Radio
* Portable Players
* IM Status
* Portable Players - iPod
* Song Lyrics
* Portable Players - MTP
* Python Console
* LIRC
* Nautilus Send-to
* Replay Gain
* MediaServer2 D-Bus
* MPRIS D-Bus
Changes for the versions:
Installed version: 2.96-0ubuntu4
Available version: 2.96-0ubuntu4.1
Version 2.96-0ubuntu4.1:
  * SECURITY UPDATE: fix insecure directory for python module import in
    context plugin
    - debian/patches/CVE-2012-3355.patch: update context plugin to use
      tempfile.mkdtemp() instead of /tmp/context. Patch thanks to
      Andreas Henriksson.
    - CVE-2012-3355
Magnatune Plugin for Rhythmbox Music Player.
Changes for the versions:
Installed version: 2.96-0ubuntu4
Available version: 2.96-0ubuntu4.1
Version 2.96-0ubuntu4.1:
  * SECURITY UPDATE: fix insecure directory for python module import in
    context plugin
    - debian/patches/CVE-2012-3355.patch: update context plugin to use
      tempfile.mkdtemp() instead of /tmp/context. Patch thanks to
      Andreas Henriksson.
    - CVE-2012-3355