giugno 23, 2012

Aggiornamenti di sicurezza importanti per Ubuntu 12.04 Precise Pangolin: Unity 2D shared library, Pulse Audio Sound Server, VNC plugin for remmina remote desktop client ed altri.

precise-coverSappiamo tutti quanto sia importante mantenere aggiornato il proprio sistema operativo, ma è parimenti esperienza comune che spesso siano proprio gli aggiornamenti a introdurre nuovi bug. Ubuntu segue delle linee guida ben precise per gestire questa situazione.

La chiave di volta dell’intero discorso è che, una volta rilasciata la release, gli aggiornamenti non si fanno affatto, a meno che non riguardino vulnerabilità di sicurezza o bug particolarmente significativi.

Addirittura, nell’ottica di stabilizzare la release, già durante le ultime fasi di sviluppo l’ingresso di nuovi pacchetti dei vari software è sottoposto ad un controllo particolarmente rigido (una fase nota agli sviluppatori come “Feature Freeze”, appunto).

Gli aggiornamenti proposti a continuazione fanno parte del bollettino di sicurezza settimanale rilasciato da Canonical e riguardano in particolare i primi aggiornamenti importanti sulla sicurezza riguardanti la neonata Ubuntu 12.04 Precise Pangolin:
  • User-space parser utility for AppArmor.
  • Package management related utility preograms.
  • Adobe Flash Player Plugin Installer.
  • deb package formar runtime library.
  • MySQL database client library.
  • Comple Generic Linux Kernel. 
  • Pulse Audio Sound Server. 
  • VNC plugin for remmina remote desktop client
  • Unity 2D shared library.

User-space parser utility for AppArmor.


Modifiche per le versioni:
Versione installata: 2.7.102-0ubuntu3
Versione disponibile: 2.7.102-0ubuntu3.1

Versione 2.7.102-0ubuntu3.1:

  * fix LP: #990931 - Thunderbird is being blocked by apparmor from Firefox;
    This was a regression from the Thunderbird path changing to a non-versioned
    path in the Thunderbird 12 packaging
    - add debian/patches/0015-lp990931.patch
    - update debian/patches/series


This provides the system initialization scripts needed to use the AppArmor Mandatory Access Control system, including the AppArmor Parser which is required to convert AppArmor text profiles into machine-readable policies that are loaded into the kernel for use with the AppArmor Linux Security Module.


Package management related utility preograms.

Modifiche per le versioni:
Versione installata: 0.8.16~exp12ubuntu10
Versione disponibile: 0.8.16~exp12ubuntu10.2

Versione 0.8.16~exp12ubuntu10.2:

  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is still insecure
    - cmdline/apt-key: exit 1 immediately in net_update()
    - CVE-2012-0954
    - LP: #1013639


Versione 0.8.16~exp12ubuntu10.1:

  * adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
    Marc Deslauriers. (LP: #1013128)


Versione 0.8.16~exp12ubuntu10.2:

  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is still insecure
    - cmdline/apt-key: exit 1 immediately in net_update()
    - CVE-2012-0954
    - LP: #1013639


Versione 0.8.16~exp12ubuntu10.1:

  * adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
    Marc Deslauriers. (LP: #1013128)

This package enables the usage of 'deb https://foo distro main' lines in the /etc/apt/sources.list so that all package managers using the libapt-pkg library can access metadata and packages available in sources accessible over https (Hypertext Transfer Protocol Secure).
This transport supports server as well as client authentication with certificates.


Adobe Flash Player Plugin Installer.

Modifiche per le versioni:
Versione installata: 11.2.202.235ubuntu0.12.04.1
Versione disponibile: 11.2.202.236ubuntu0.12.04.1

Versione 11.2.202.236ubuntu0.12.04.1:

  * New upstream release 11.2.202.236
    - debian/flashplugin-installer.{config,postinst},
      debian/post-download-hook: Updated version and sha256sum.


Downloads and Installs the Adobe Flash Player plugin. The Adobe Flash Player plugin supports playing of media and other dynamic content online.
The Adobe Flash Player plugin will work with a range of web-browsers including, limited to:
* Firefox
* Chromium
* SeaMonkey
* Iceweasel
* Iceape
* Galeon
* Epiphany
* Konqueror WARNING: Installing this Ubuntu package causes the Adobe Flash Player plugin to be downloaded from the Adobe web site. The distribution license of the Adobe Flash Player plugin is available at www.adobe.com. Installing this Ubuntu package implies that you have accepted the terms of that license.


deb package formar runtime library.


Modifiche per le versioni:
Versione installata: 0.8.16~exp12ubuntu10
Versione disponibile: 0.8.16~exp12ubuntu10.2

Versione 0.8.16~exp12ubuntu10.2:

  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is still insecure
    - cmdline/apt-key: exit 1 immediately in net_update()
    - CVE-2012-0954
    - LP: #1013639


Versione 0.8.16~exp12ubuntu10.1:

  * adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
    Marc Deslauriers. (LP: #1013128)

This library provides methods to query and extract information from deb packages. This includes the control data and the package file content.


MySQL database client library.

Modifiche per le versioni:
Versione installata: 5.5.22-0ubuntu1
Versione disponibile: 5.5.24-0ubuntu0.12.04.1

Versione 5.5.24-0ubuntu0.12.04.1:

  * SECURITY UPDATE: Update to 5.5.24 to fix security issues (LP: #1011371)
    - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html


MySQL is a fast, stable and true multi-user, multi-threaded SQL database server. SQL (Structured Query Language) is the most popular database query language in the world. The main goals of MySQL are speed, robustness and ease of use.
This package includes the client library.


Unity 2D shared library.

Modifiche per le versioni:
Versione installata: 5.5.22-0ubuntu1
Versione disponibile: 5.5.24-0ubuntu0.12.04.1

Versione 5.5.24-0ubuntu0.12.04.1:

  * SECURITY UPDATE: Update to 5.5.24 to fix security issues (LP: #1011371)
    - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html

MySQL is a fast, stable and true multi-user, multi-threaded SQL database server. SQL (Structured Query Language) is the most popular database query language in the world. The main goals of MySQL are speed, robustness and ease of use.
This package includes the client library.


Comple Generic Linux Kernel.

Modifiche per le versioni:
Versione installata: 3.2.0.24.26
Versione disponibile: 3.2.0.25.27

Versione 3.2.0.25.27:

  [ Luis Henriques ]

  * UBUNTU: Fix Vcs-Git in linux-precise-meta
    - LP: #999726

  [ Tim Gardner ]

  * UBUNTU: Added -hwe- and -current- meta packages
  * Added Calxeda highbank flavour
    - LP: #1000831
  * Bump ABI

This package will always depend on the latest complete generic Linux kernel available.


Pulse Audio Sound Server.

Modifiche per le versioni:
Versione installata: 1:1.1-0ubuntu15
Versione disponibile: 1:1.1-0ubuntu15.1

Versione 1:1.1-0ubuntu15.1:

  * 0621-Add-special-profiles-for-some-laptops-missing-speake.patch:
    Fix missing internal mic and speaker not showing for some laptops
    (LP: #946232)

PulseAudio, prima chiamato Polypaudio, è un server sonoro per sistemi POSIX e WIN32. È un rimpiazzo perfetto per il server sonoro ESD con latenza, qualità di missaggio/ricampionamento e architettura generale molto migliori.
These are some of PulseAudio's features:
* High quality software mixing of multiple audio streams with support for
more than one sink/source. May be used to combine multiple sound cards
into one (with sample rate adjustment).
* Wide range of supported client libraries. ESD, ALSA, oss, libao and
GStreamer client applications are supported as-is. Native PulseAudio
plug-ins are also available for xmms and mplayer.
* Good low latency behaviour and very accurate latency measurement for
playback and recording. Ability to fully synchronize multiple playback
streams.
* Network transparency, allowing an application to play back or record
audio on a different machine than the one it is running on.
* Extensible plug-in architecture with plug-ins for jackd, multicast-rtp
lirc and avahi, just to name a few. This package contains the daemon and basic module set.


VNC plugin for remmina remote desktop client.

Modifiche per le versioni:
Versione installata: 1:1.1-0ubuntu15
Versione disponibile: 1:1.1-0ubuntu15.1

Versione 1:1.1-0ubuntu15.1:

  * 0621-Add-special-profiles-for-some-laptops-missing-speake.patch:
    Fix missing internal mic and speaker not showing for some laptops
    (LP: #946232)

PulseAudio, prima chiamato Polypaudio, è un server sonoro per sistemi POSIX e WIN32. È un rimpiazzo perfetto per il server sonoro ESD con latenza, qualità di missaggio/ricampionamento e architettura generale molto migliori.
These are some of PulseAudio's features:
* High quality software mixing of multiple audio streams with support for
more than one sink/source. May be used to combine multiple sound cards
into one (with sample rate adjustment).
* Wide range of supported client libraries. ESD, ALSA, oss, libao and
GStreamer client applications are supported as-is. Native PulseAudio
plug-ins are also available for xmms and mplayer.
* Good low latency behaviour and very accurate latency measurement for
playback and recording. Ability to fully synchronize multiple playback
streams.
* Network transparency, allowing an application to play back or record
audio on a different machine than the one it is running on.
* Extensible plug-in architecture with plug-ins for jackd, multicast-rtp
lirc and avahi, just to name a few. This package contains the daemon and basic module set.
 
Ricerca personalizzata



Se ti è piaciuto l'articolo , iscriviti al feed cliccando sull'immagine sottostante per tenerti sempre aggiornato sui nuovi contenuti del blog:

Nessun commento:

Posta un commento

Non inserire link cliccabili altrimenti il commento verrà eliminato. Metti la spunta a Inviami notifiche per essere avvertito via email di nuovi commenti.