A new release of the Ubuntu Cloud Images for stable Ubuntu release 11.10 (Oneiric Ocelot) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'apt-get update && sudo apt-get dist-upgrade && reboot'.
The Linux kernel was updated from 3.0.0-26.42 [3] to 3.0.0-29.46 [4] The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apparmor: 2.7.0~beta1+bzr1774-1ubuntu2.1 => 2.7.0~beta1+bzr1774-1ubuntu2.2 * apport: 1.23-0ubuntu4 => 1.23-0ubuntu4.1 * apt: 0.8.16~exp5ubuntu13.5 => 0.8.16~exp5ubuntu13.6 * bind9: 1:9.7.3.dfsg-1ubuntu4.4 => 1:9.7.3.dfsg-1ubuntu4.5 * dbus: 1.4.14-1ubuntu1 => 1.4.14-1ubuntu1.3 * eglibc: 2.13-20ubuntu5.1 => 2.13-20ubuntu5.3 * grub2: 1.99-12ubuntu5 => 1.99-12ubuntu5.1 * isc-dhcp: 4.1.1-P1-17ubuntu10.3 => 4.1.1-P1-17ubuntu10.5 * iso-codes: 3.27-1 => 3.27-1ubuntu1 * landscape-client: 12.05-0ubuntu0.11.10 => 12.05-0ubuntu1.11.10 * libxml2: 2.7.8.dfsg-4ubuntu0.3 => 2.7.8.dfsg-4ubuntu0.5 * linux-meta: 3.0.0.26.30 => 3.0.0.29.33 * linux: 3.0.0-26.42 => 3.0.0-29.46 * ncurses: 5.9-1ubuntu5 => 5.9-1ubuntu5.1 * perl: 5.12.4-4 => 5.12.4-4ubuntu0.1 * python-keyring: 0.6.2-1 => 0.9.2-0ubuntu0.11.10.2 * python2.7: 2.7.2-5ubuntu1 => 2.7.2-5ubuntu1.1 * software-properties: 0.81.13.4 => 0.81.13.5 * update-manager: 1:0.152.25.12 => 1:0.152.25.13 CVE Updates: * apt - change permissions of /var/log/apt/term.log to 0640 (CVE-2012-0961) * bind9 - denial of service via specific combinations of RDATA (CVE-2012-5166) * dbus - privilege escalation via unsanitized environment (CVE-2012-3524) * eglibc - buffer overflow in vfprintf handling (CVE-2012-3404) - buffer overflow in vfprintf handling (CVE-2012-3405) - stack buffer overflow in vfprintf handling (CVE-2012-3406) - stdlib strtod integer/buffer overflows (CVE-2012-3480) * isc-dhcp - denial of service via ipv6 lease expiration time reduction (CVE-2012-3955) * libxml2 - buffer underflow in xmlParseAttValueComplex() (CVE-2012-5134) - denial of service and possible code execution via incorrect buffer sizes. (CVE-2012-2807) * perl - Injection problem in Digest::new (CVE-2011-3597) - Heap overflow in "x" operator (CVE-2012-5195) - CGI.pm improper cookie and p3p CRLF escaping (CVE-2012-5526) * python - fix hash randomization DoS (CVE-2012-1150) - xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request (CVE-2012-0845) - create ~/.pypirc securely (CVE-2011-4944) * python-keyring - CryptedFileKeyring format is insecure (CVE-2012-4571) -- [1] http://cloud-images.ubuntu.com/releases/oneiric/release-20130103/ [2] http://cloud-images.ubuntu.com/releases/oneiric/release-20120918/ [3] http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_3.0.0-26.42/changelog [4] http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_3.0.0-29.46/changelog -- Ben Howard ben.how...@canonical.com Canonical GPG ID 0x5406A866
signature.asc
Description: OpenPGP digital signature
-- Ubuntu-cloud mailing list Ubuntu-cloud@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-cloud