sabato 3 ottobre 2009

Aggiornamenti di sicurezza per Ubuntu 9.04 Jaunty Jackalope riguardanti Samba e Python

Maria Susana Diaz | 06:07 |
Nuovi aggiornamenti sulla sicurezza rilasciati da Canonical per Ubuntu 9.04 Jaunty Jackalope relativi a Samba, Python ed altre librerie.

Come al solito questi aggiornamenti possono essere scaricati automaticamente attivando l'apposita opzione oppure selezionare quelli che vi interessano.

Agli updates di sicurezza considerati importanti si affiancano gli aggiornamenti raccomandati che di solito riguardano specifici programmi installati nel vostro sistema.

Versione 0.52.2-11.3ubuntu3.1:

* SECURITY UPDATE: denial of service and possible code execution via
reflowed text in text message box
- debian/patches/900_security_CVE-2009-2905.patch: calculate using
correct width in textbox.c.
- CVE-2009-2905



Newt is a windowing toolkit for text mode built from the slang library. It allows color text mode applications to easily use stackable windows, push buttons, check boxes, radio buttons, lists, entry fields, labels, and displayable text. Scrollbars are supported, and forms may be nested to provide extra functionality. This package contains the shared library for programs that have been built with newt.

Versione 2:3.3.2-1ubuntu3.2:

* SECURITY UPDATE: access control list modification when dos filemode is
enabled
- debian/patches/security-CVE-2009-1888.patch: fix group checking in
acl_group_override in source/smbd/posix_acls.c.
- CVE-2009-1888
* SECURITY UPDATE: whole filesystem share via user with no home directory
- debian/patches/security-CVE-2009-2813.patch: make sure home directory
is set in source/param/loadparm.c, source/smbd/service.c.
- CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
setuid mount.cifs
- debian/patches/security-CVE-2009-2948.patch: don't open credentials
file if user doesn't have permission, and don't print password when
using verbose option in source/client/mount.cifs.c.
- CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
notification reply
- debian/patches/security-CVE-2009-2906.patch: track messages already
processed in source/include/smb.h, source/smbd/process.c.
- CVE-2009-2906

This package provides a shared library that enables client applications to talk to Microsoft Windows and Samba servers using the SMB/CIFS protocol.

Versione 2:3.3.2-1ubuntu3.2:

* SECURITY UPDATE: access control list modification when dos filemode is
enabled
- debian/patches/security-CVE-2009-1888.patch: fix group checking in
acl_group_override in source/smbd/posix_acls.c.
- CVE-2009-1888
* SECURITY UPDATE: whole filesystem share via user with no home directory
- debian/patches/security-CVE-2009-2813.patch: make sure home directory
is set in source/param/loadparm.c, source/smbd/service.c.
- CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
setuid mount.cifs
- debian/patches/security-CVE-2009-2948.patch: don't open credentials
file if user doesn't have permission, and don't print password when
using verbose option in source/client/mount.cifs.c.
- CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
notification reply
- debian/patches/security-CVE-2009-2906.patch: track messages already
processed in source/include/smb.h, source/smbd/process.c.
- CVE-2009-2906

This package provides a library for client applications that interact via the winbind pipe protocol with a Samba winbind server.

Versione 0.52.2-11.3ubuntu3.1:

* SECURITY UPDATE: denial of service and possible code execution via
reflowed text in text message box
- debian/patches/900_security_CVE-2009-2905.patch: calculate using
correct width in textbox.c.
- CVE-2009-2905

This module allows you to built a text UI for your Python scripts using newt.


Versione 1:3.0.1-9ubuntu3.1:

* SECURITY UPDATE: fix integer underflow via crafted Word Document
- patches/dev300/sw.safe_tdelete_tinsert.diff: adjust sprmTDelete to
properly validate the number of columns
- CVE-2009-0200
* SECURITY UPDATE: fix buffer overflow via crafted Word Document
- patches/dev300/sw.safe_tdelete_tinsert.diff: adjust sprmTInsert to
properly validate the number of columns
- CVE-2009-0201
* patches/dev300/apply: create Security section and add
sw.safe_tdelete_tinsert.diff

The Python-UNO bridge allows use of the standard OpenOffice.org API with the Python scripting language. It additionally allows others to develop UNO components in Python, thus Python UNO components may be run within the OpenOffice.org process and can be called from C++ or the built in StarBasic scripting language.


Se ti è piaciuto l'articolo, iscriviti al feed per tenerti sempre aggiornato sui nuovi contenuti del blog:



TiPI (Ti Potrebbe Interessare)

LinuxLinks

GOOGLE+

LINKEDIN

Xtreme Download Manager, XDMAN Ubuntu, audio, Linux opera mini, browser internet Chromium Linux, Chrome, browsers tux collection, mascote Linux LibreCAD, Grafica, Disegno vim, editor, linux, ubuntu Ardour, audio, Ubuntu Unity, deskyop, Gnome, Ubuntu grafica 3d, Linux, Blender