Saturday, 3 October 2009

Security updates for Ubuntu 9.04 Jaunty Jackalope concerning Samba and Python

Maria Susana Diaz | 06:07 |
Canonical has released new security updates for Ubuntu 9.04 Jaunty Jackalope covering Samba, Python and other libraries.

As usual, these updates can be downloaded automatically by enabling the relevant option, or you can select only the ones that interest you.

Alongside the security updates considered important there are the recommended updates, which usually concern specific programs installed on your system.

Version 0.52.2-11.3ubuntu3.1:

* SECURITY UPDATE: denial of service and possible code execution via
reflowed text in text message box
- debian/patches/900_security_CVE-2009-2905.patch: calculate using
correct width in textbox.c.
- CVE-2009-2905



Newt is a windowing toolkit for text mode built from the slang library. It allows color text mode applications to easily use stackable windows, push buttons, check boxes, radio buttons, lists, entry fields, labels, and displayable text. Scrollbars are supported, and forms may be nested to provide extra functionality. This package contains the shared library for programs that have been built with newt.

Version 2:3.3.2-1ubuntu3.2:

* SECURITY UPDATE: access control list modification when dos filemode is
enabled
- debian/patches/security-CVE-2009-1888.patch: fix group checking in
acl_group_override in source/smbd/posix_acls.c.
- CVE-2009-1888
* SECURITY UPDATE: whole filesystem share via user with no home directory
- debian/patches/security-CVE-2009-2813.patch: make sure home directory
is set in source/param/loadparm.c, source/smbd/service.c.
- CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
setuid mount.cifs
- debian/patches/security-CVE-2009-2948.patch: don't open credentials
file if user doesn't have permission, and don't print password when
using verbose option in source/client/mount.cifs.c.
- CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
notification reply
- debian/patches/security-CVE-2009-2906.patch: track messages already
processed in source/include/smb.h, source/smbd/process.c.
- CVE-2009-2906

This package provides a shared library that enables client applications to talk to Microsoft Windows and Samba servers using the SMB/CIFS protocol.

Version 2:3.3.2-1ubuntu3.2:

* SECURITY UPDATE: access control list modification when dos filemode is
enabled
- debian/patches/security-CVE-2009-1888.patch: fix group checking in
acl_group_override in source/smbd/posix_acls.c.
- CVE-2009-1888
* SECURITY UPDATE: whole filesystem share via user with no home directory
- debian/patches/security-CVE-2009-2813.patch: make sure home directory
is set in source/param/loadparm.c, source/smbd/service.c.
- CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
setuid mount.cifs
- debian/patches/security-CVE-2009-2948.patch: don't open credentials
file if user doesn't have permission, and don't print password when
using verbose option in source/client/mount.cifs.c.
- CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
notification reply
- debian/patches/security-CVE-2009-2906.patch: track messages already
processed in source/include/smb.h, source/smbd/process.c.
- CVE-2009-2906

This package provides a library for client applications that interact via the winbind pipe protocol with a Samba winbind server.

Version 0.52.2-11.3ubuntu3.1:

* SECURITY UPDATE: denial of service and possible code execution via
reflowed text in text message box
- debian/patches/900_security_CVE-2009-2905.patch: calculate using
correct width in textbox.c.
- CVE-2009-2905

This module allows you to build a text UI for your Python scripts using newt.


Version 1:3.0.1-9ubuntu3.1:

* SECURITY UPDATE: fix integer underflow via crafted Word Document
- patches/dev300/sw.safe_tdelete_tinsert.diff: adjust sprmTDelete to
properly validate the number of columns
- CVE-2009-0200
* SECURITY UPDATE: fix buffer overflow via crafted Word Document
- patches/dev300/sw.safe_tdelete_tinsert.diff: adjust sprmTInsert to
properly validate the number of columns
- CVE-2009-0201
* patches/dev300/apply: create Security section and add
sw.safe_tdelete_tinsert.diff

The Python-UNO bridge allows use of the standard OpenOffice.org API with the Python scripting language. It additionally allows others to develop UNO components in Python, thus Python UNO components may be run within the OpenOffice.org process and can be called from C++ or the built in StarBasic scripting language.

