post h1 Aggiornamenti di sicurezza importanti per Ubuntu 12.04 "Precise Pangolin": Host Bundled, Blogilo, KDE, Firefox e JavaScript. ~ Ubuntulandiapost h1

agosto 23, 2012

Aggiornamenti di sicurezza importanti per Ubuntu 12.04 "Precise Pangolin": Host Bundled, Blogilo, KDE, Firefox e JavaScript.

| No comment

Sappiamo tutti quanto sia importante mantenere aggiornato il proprio sistema operativo, ma è parimenti esperienza comune che spesso siano proprio gli aggiornamenti a introdurre nuovi bug.
Ubuntu segue delle linee guida ben precise per gestire questa situazione.

La chiave di volta dell’intero discorso è che, una volta rilasciata la release, gli aggiornamenti non si fanno affatto, a meno che non riguardino vulnerabilità di sicurezza o bug particolarmente significativi.

Addirittura, nell’ottica di stabilizzare la release, già durante le ultime fasi di sviluppo l’ingresso di nuovi pacchetti dei vari software è sottoposto ad un controllo particolarmente rigido (una fase nota agli sviluppatori come “Feature Freeze”, appunto).

Gli aggiornamenti proposti a continuazione fanno parte del bollettino di sicurezza settimanale rilasciato da Canonical e riguardano in particolare i primi aggiornamenti importanti sulla sicurezza riguardanti la neonata Ubuntu 12.04 Precise Pangolin:
  • Host Bundled con Dind 9.x
  • Blogilo.
  • Firefox.
  • KDE: Akonadi, Core Plugins e Core Shared.
  • Java Script

VERSION OF HOST BUNDLED WITH DIND 9.X


Modifiche per le versioni:
Versione installata: 1:9.8.1.dfsg.P1-4ubuntu0.1
Versione disponibile: 1:9.8.1.dfsg.P1-4ubuntu0.2

Versione 1:9.8.1.dfsg.P1-4ubuntu0.2:

  * SECURITY UPDATE: denial of service via dnssec validation load
    - lib/dns/resolver.c: don't use bad->expire before it has been set.
    - Patch backported from 9.8.3-P2.
    - CVE-2012-3817

This package provides the 'host' program in the form that is bundled with the BIND 9.X sources.

BLOGILO.



Blogilo is a Free/Open Source Blogging client, focused on simplicity and usability. Currently featured:
* A full featured WYSIWYG editor and an HTML editor.
* Previewing your post with your blog style, like when you are visiting it at
your blog.
* Support for Blogger1.0, MetaWeblog, MovableType (Wordpress supports all of
these) and Google GData (used on Blogspot.com blogs) APIs.
* Support for creating/modifying/deleting posts.
* Support for creating drafts and scheduled posts.
* Support for uploading media files to your blog (only on supported APIs e.g.
MetaWeblog and MovableType).
* Support for fetching your recent blog entries.
* Support for adding images to post from your system. It will upload them on
Submitting post to blog (only on supported APIs e.g. MetaWeblog and
MovableType).
* Support for saving local entries before publishing.
* Saving your writing copy to prevent data loss, at configurable intervals.
* Internal auto spell checker. (KDE spell checker used so most of languages
are supported.) This package is part of the KDE PIM module.

Modifiche per le versioni:
Versione installata: 4:4.8.4a-0ubuntu0.1
Versione disponibile: 4:4.8.4a-0ubuntu0.3

Versione 4:4.8.4a-0ubuntu0.3:

  * SECURITY UPDATE: Disable JavaScript, Java, and Plugins by default in
    kmail/kontact messageviewer's quote colorer (LP: #1022690)
    - Upstream Git dbb2f72f4745e00f53031965a9c10b2d6862bd54
    - CVE-2012-3413


Versione 4:4.8.4a-0ubuntu0.3:

  * SECURITY UPDATE: Disable JavaScript, Java, and Plugins by default in
    kmail/kontact messageviewer's quote colorer (LP: #1022690)
    - Upstream Git dbb2f72f4745e00f53031965a9c10b2d6862bd54
    - CVE-2012-3413


SAFE AND EASY WEB BROWSER FROM MOZILLA.



Modifiche per le versioni:
Versione installata: 13.0.1+build1-0ubuntu0.12.04.1
Versione disponibile: 14.0.1+build1-0ubuntu0.12.04.1

Versione 14.0.1+build1-0ubuntu0.12.04.1:

  * New upstream stable release (FIREFOX_14_0_1_BUILD1)
    - see LP: #1024562 for USN information

  [ Chris Coulson ]
  * Update globalmenu-extension to 3.2.5
    - Fix LP: #1010580 - No choice of folder when adding a bookmark from
      the bookmark menu
    - Fix a crash in uGlobalMenu::RecycleList::~RecycleList()
  * Refresh patches
    - update debian/patches/ubuntu-codes-google.patch
    - update debian/patches/allow-lockPref-everywhere.patch
    - update debian/patches/plugin-for-mimetype-pref.patch
    - update debian/patches/add-syspref-dir.patch
  * Drop patches fixed upstream
    - remove debian/patches/revert-bmo621446-investigation.patch
  * Add Keywords to the desktop file
    - update debian/firefox.desktop.in
  * Update desktop file translations
    - update debian/firefox.sh.in
  * Ensure that additional actions in the desktop file match the fd.o spec
    in precise and newer
    - update debian/firefox.desktop.in
    - update debian/rules
  * Drop the application/vnd.mozilla.xul+xml mimetype from the desktop file.
    Firefox hasn't been able to view XUL files from non-chrome URI's since
    version 4.0
    - update debian/firefox.desktop.in
  * Add application/x-xpinstall to the MimeType field of the desktop file
    - update debian/firefox.desktop.in
  * Drop the ability to select between tree/system libraries using a single
    option in debian/rules. It adds additional complexity and was never used
    - update debian/config/mozconfig.in
    - update debian/control.in
    - update debian/firefox-dev.install.in
    - update debian/firefox-dev.links.in
    - update debian/pkgconfig/libxul.pc.in
    - update debian/rules
  * Fix make-makefile test failure when the build directory contains
    perl regexp control characters
    - add debian/patches/make-makefile-test-fix.patch
    - update debian/patches/series
  * Shuffle the order of google-breakpad/src/common/dwarf/Makefile.in to fix a
    variable substitution issue, which was causing some objects to be built with
    the wrong compiler flags, resulting in dump_syms crashing (LP: #1002590)
    - add debian/patches/fix-makefile-substitution-bug.patch
  * Update StartupWMClass to the correct name
    - update debian/firefox.desktop.in
    - update debian/rules
  * Add search plugin for DuckDuckGo
  * Fix LP: #1000820 - firefox-dev conflicts with xulrunner-1.9-dev for
    people with the latter still installed
    - update debian/control{,.in}
  * Add Fulah to locales.blacklist
  * Fix LP: #1013186 - install our vendor preferences as application
    defaults rather than GRE defaults, so that they are loaded after
    the upstream defaults again. The upstream defaults were also moved
    as part of the webapp runtime work (which has it's own application
    defaults)
    - update debian/firefox.install.in
    - update debian/firefox.links.in
  * Apport hook improvements:
    - Sort preferences alphabetically in the apport data
    - Treat preferences set in default addons as default prefs so that
      they don't show up in apport data, unless the preference files have
      been modified
    - Support random pref files dropped in to the Firefox install folder, and
      preferences from application bundles
    - Fix ordering issues when loading preferences
  * Drop debian/patches/plugin-for-mimetype-pref.patch. The burden of
    carrying this is starting to outweigh the benefits of it

  [ Ben Collins ]
  * Cherry pick patch from aurora to use YARR interpreter on ppc
    - update debian/patches/fix-build-failure-without-yarr-jit.patch
    - update debian/patches/series
  * Fix ppc build due to new dtoa library
    - add debian/patches/fix-dtoa-build-on-ppc.patch
    - update debian/patches/series

Firefox delivers safe, easy web browsing. A familiar user interface, enhanced security features including protection from online identity theft, and integrated search let you get the most out of the web.


AGGIORNAMENTI RIGUARDANTI KDE:



AKONADI.

Modifiche per le versioni:
Versione installata: 4:4.8.4-0ubuntu0.1
Versione disponibile: 4:4.8.4-0ubuntu0.2

Versione 4:4.8.4-0ubuntu0.2:

  * No change rebuild into the -security pocket.


Firefox delivers safe, easy web browsing. A familiar user interface, enhanced security features including protection from online identity theft, and integrated search let you get the most out of the web.


CORE PLUGINS FOR KDE.

Modifiche per le versioni:
Versione installata: 4:4.8.4a-0ubuntu0.1
Versione disponibile: 4:4.8.4a-0ubuntu0.2

Versione 4:4.8.4a-0ubuntu0.2:

  * No change rebuild in the security pocket


This package contains core plugins for KDE Applications used by KDE Applications and KDE Development Platform libraries at runtime. This package is needed to run most KDE Applications.
This package is part of the KDE Development Platform libraries module.

CORE SHARED DATA FOR KDE.

Modifiche per le versioni:
Versione installata: 4:4.8.4a-0ubuntu0.1
Versione disponibile: 4:4.8.4a-0ubuntu0.2

Versione 4:4.8.4a-0ubuntu0.2:

  * No change rebuild in the security pocket


This package contains architecture-independent data files needed to run KDE Applications.
This package is part of the KDE Development Platform libraries module.

KDE KIM APPLICATIONS
Modifiche per le versioni:
Versione installata: 4:4.8.4-0ubuntu0.1
Versione disponibile: 4:4.8.4-0ubuntu0.2

Versione 4:4.8.4-0ubuntu0.2:

  * No change rebuild in the security pocket


This package contains the imap4, ldap, mbox, nntp, pop3, sieve and smtp kio slaves.
This package is part of the KDE Development Platform PIM libraries module.



JAVASCRIPT ENGINE LIBRERY FOR GTK.


Modifiche per le versioni:
Versione installata: 1.8.0-0ubuntu2
Versione disponibile: 1.8.1-0ubuntu0.12.04.1

Versione 1.8.1-0ubuntu0.12.04.1:

  * New upstream security release
    - see LP: #1027283 for USN information

Javascript Core is the javascript engine used in many ports of WebKit. This build comes from WebKitGTK+.

MIT KERBEROS RUNTIME LIBRARY CRYPTO LIBRARY.



Modifiche per le versioni:
Versione installata: 1.10+dfsg~beta1-2ubuntu0.1
Versione disponibile: 1.10+dfsg~beta1-2ubuntu0.3

Versione 1.10+dfsg~beta1-2ubuntu0.3:

  * SECURITY UPDATE: KDC heap corruption and crash vulnerabilities
    - debian/patches/MITKRB5-SA-2012-001.patch: initialize pointers both
      at allocation and assignment time
    - CVE-2012-1015, CVE-2012-1014
  * SECURITY UPDATE: denial of service in kadmind (LP: #1009422)
    - debian/patches/krb5-CVE-2012-1013.patch: check for null password
    - CVE-2012-1013
  * SECURITY UPDATE: insufficient ACL checking on get_strings/set_string
    - debian/patches/krb5-CVE-2012-1012.patch: make the access
      controls for get_strings/set_string mirror those of
      get_principal/modify_principal
    - CVE-2012-1012


Versione 1.10+dfsg~beta1-2ubuntu0.2:

  * Re-introduce libkrb53 as a transitional package to libkrb5-3.
    Also revert the Conflicts against libkrb53 to the old versioned
    Break/Replaces. (LP: #1007314)

Kerberos è un sistema per l'autenticazione di utenti e servizi in una rete. Kerberos è un servizio posto in atto da una terza parte affidabile; ciò significa che c'è una terza parte, il server Kerberos, di cui si fidano tutte le entità in rete (utenti e servizi, normalmente chiamati "principal").
Questa è l'implementazione di riferimento di Kerberos V5 fatta dal MIT.
This package contains the runtime cryptography libraries used by applications and Kerberos clients.

 
Ricerca personalizzata


Se ti è piaciuto l'articolo , iscriviti al feed cliccando sull'immagine sottostante per tenerti sempre aggiornato sui nuovi contenuti del blog:
, , , ,

Nessun commento:

Posta un commento

Caricamento in corso...

Ultimi post pubblicati

Archivio

Ubuntulandia in Instagram

>center>

Post Più Popolari