post h1 Aggiornamenti di sicurezza importanti per Ubuntu 12.10 “Quantal Quetzal”: integrazione di Unity con Firefox, Thunderbird e CSSH Library. ~ Ubuntulandiapost h1

novembre 28, 2012

Aggiornamenti di sicurezza importanti per Ubuntu 12.10 “Quantal Quetzal”: integrazione di Unity con Firefox, Thunderbird e CSSH Library.

| No comment
ubuntu-12.10_Quantal-QuetzalSappiamo tutti quanto sia importante mantenere aggiornato il proprio sistema operativo, ma è parimenti esperienza comune che spesso siano proprio gli aggiornamenti a introdurre nuovi bug.

Ubuntu segue delle linee guida ben precise per gestire questa situazione.

La chiave di volta dell’intero discorso è che, una volta rilasciata la release, gli aggiornamenti non si fanno affatto, a meno che non riguardino vulnerabilità di sicurezza o bug particolarmente significativi.

Addirittura, nell’ottica di stabilizzare la release, già durante le ultime fasi di sviluppo l’ingresso di nuovi pacchetti dei vari software è sottoposto ad un controllo particolarmente rigido (una fase nota agli sviluppatori come “Feature Freeze”, appunto).

Gli aggiornamenti proposti a continuazione fanno parte del bollettino di sicurezza settimanale rilasciato da Canonical e riguardano in particolare aggiornamenti importanti sulla sicurezza riguardanti la neonata Ubuntu 12.10 Quantal Quetzal (in particolare l’integrazione di Unity con Firefox e Thunderbird).
unity
This package provides an extension which adds support for the Unity appmenu to Thunderbird
Modifiche per le versioni:
Versione installata: 16.0.2+build1-0ubuntu0.12.10.1
Versione disponibile: 17.0+build2-0ubuntu0.12.10.1
Versione 17.0+build2-0ubuntu0.12.10.1:
  * New upstream stable release (THUNDERBIRD_17_0_BUILD2)
    - see LP: #1080212 for USN information
  * Update globalmenu-extension to 3.6.4
    - Fix a build ordering issue causing the install.rdf to be missed
      from the addon xpi
    - Fix crash in uGlobalMenu::InitializePopup
    - Make logging work correctly on debug builds
    - Handle submenu's being reopened without getting a close event
      in between. We don't seem to get a close event when a menuitem
      is activated
  * Update messagingmenu extension to 1.3.1
  * Build with --disable-webrtc on all architectures except for i386 and amd64
    - update debian/config/mozconfig.in
  * Fix quoting issues when parsing preferences
    - update debian/apport/source_thunderbird.py.in
  * Refresh patches
    - update debian/patches/unity-globalmenu-build-support.patch
    - update debian/patches/theme-refresh-messenger-toolbar-icons.patch
    - update debian/patches/fix-for-bmo795395.patch
  * Drop patches fixed upstream
    - remove debian/patches/add-nativehandle-attribute.patch
    - update debian/patches/series
  * Don't ship empty ".mkdir.done" files in our packages. This should probably
    be fixed in the upstream build system, but we'll do a temporary band-aid
    fix in the packaging for now just so we can get some builds
    - update debian/build/mozbuild.mk
 
  • Service for Web App Integration with Unity Desktop.
Firefox delivers safe, easy web browsing. A familiar user interface, enhanced security features including protection from online identity theft, and integrated search let you get the most out of the web.
Modifiche per le versioni:
Versione installata: 16.0.2+build1-0ubuntu0.12.10.1
Versione disponibile: 17.0+build2-0ubuntu0.12.10.1
Versione 17.0+build2-0ubuntu0.12.10.1:
  * New upstream stable release (FIREFOX_17_0_BUILD2)
    - see LP: #1080211 for USN information
  * Update globalmenu-extension to 3.6.4
    - Fix a build ordering issue causing the install.rdf to be missed
      from the addon xpi
    - Fix crash in uGlobalMenu::InitializePopup
    - Fix issue with stale entries being left in the Recently Closed
      Tabs / Windows menus
    - Make logging work correctly on debug builds
    - Handle submenu's being reopened without getting a close event
      in between. We don't seem to get a close event when a menuitem
      is activated
  * Build with --disable-webrtc on all architectures except for i386 and amd64
    - update debian/config/mozconfig.in
  * Install the web app support
    - update debian/firefox-globalmenu.links.in
    - update debian/firefox.dirs.in
    - update debian/firefox.install.in
    - update debian/patches/series.in
    - add debian/patches/webapprt-support-for-langpacks.patch
    - update debian/rules
  * Fix quoting issues when parsing preferences
    - update debian/apport/source_firefox.py.in
  * Refresh patches
    - update debian/patches/ubuntu-ua-string-changes.patch
    - update debian/patches/unity-globalmenu-build-support.patch
    - update debian/patches/fix-for-bmo795395.patch
  * Drop obsolete patches
    - remove debian/patches/add-nativehandle-attribute.patch
    - update debian/patches/series
  * Don't ship empty ".mkdir.done" files in our packages. This should probably
    be fixed in the upstream build system, but we'll do a temporary band-aid
    fix in the packaging for now just so we can get some builds
    - update debian/build/mozbuild.
ubuntu-web-apps-3
  • Tiny CSSH Library.
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its SFTP implementation, you can play with remote files easily.
Modifiche per le versioni:
Versione installata: 0.5.2-1build1
Versione disponibile: 0.5.2-1ubuntu0.12.10.1
Versione 0.5.2-1ubuntu0.12.10.1:
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple double free flaws
    - debian/patches/CVE-2012-4559.patch: properly do frees in src/agent.c,
      src/channels.c, src/sftp.c.
    - CVE-2012-4559
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple buffer overflows
    - debian/patches/CVE-2012-4560.patch: properly calculate sizes in
      src/misc.c.
    - CVE-2012-4560
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple invalid free flaws
    - debian/patches/CVE-2012-4561.patch: don't use after free in
      src/keyfiles.c, properly zero structs in src/keys.c.
    - CVE-2012-4561
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple improper overflow checks
    - debian/patches/CVE-2012-4562.patch: do proper overflow checks in
      src/buffer.c, src/dh.c, src/string.c.
    - CVE-2012-4562
webapps-firefox-exceptions
  • Firefox Extension: Unity Integration.

Firefox extension to allow WebApps to integrate with the Unity Desktop
Modifiche per le versioni:
Versione installata: 2.4.1-0ubuntu1
Versione disponibile: 2.4.1-0ubuntu1.1
Versione 2.4.1-0ubuntu1.1:
  * SECURITY UPDATE: denial of service and possible code execution
    (LP: #1076350)
    - debian/patches/CVE-2012-0960.patch: improve logic in
      unity-firefox-extension/content/unity-global-property-initializer.js.
    - CVE-2012-0960
  • Unity App Menu Integration for Firefox.
This package provides an extension which adds support for the Unity appmenu to Firefox
Modifiche per le versioni:
Versione installata: 16.0.2+build1-0ubuntu0.12.10.1
Versione disponibile: 17.0+build2-0ubuntu0.12.10.1
Versione 17.0+build2-0ubuntu0.12.10.1:
  * New upstream stable release (FIREFOX_17_0_BUILD2)
    - see LP: #1080211 for USN information
  * Update globalmenu-extension to 3.6.4
    - Fix a build ordering issue causing the install.rdf to be missed
      from the addon xpi
    - Fix crash in uGlobalMenu::InitializePopup
    - Fix issue with stale entries being left in the Recently Closed
      Tabs / Windows menus
    - Make logging work correctly on debug builds
    - Handle submenu's being reopened without getting a close event
      in between. We don't seem to get a close event when a menuitem
      is activated
  * Build with --disable-webrtc on all architectures except for i386 and amd64
    - update debian/config/mozconfig.in
  * Install the web app support
    - update debian/firefox-globalmenu.links.in
    - update debian/firefox.dirs.in
    - update debian/firefox.install.in
    - update debian/patches/series.in
    - add debian/patches/webapprt-support-for-langpacks.patch
    - update debian/rules
  * Fix quoting issues when parsing preferences
    - update debian/apport/source_firefox.py.in
  * Refresh patches
    - update debian/patches/ubuntu-ua-string-changes.patch
    - update debian/patches/unity-globalmenu-build-support.patch
    - update debian/patches/fix-for-bmo795395.patch
  * Drop obsolete patches
    - remove debian/patches/add-nativehandle-attribute.patch
    - update debian/patches/series
  * Don't ship empty ".mkdir.done" files in our packages. This should probably
    be fixed in the upstream build system, but we'll do a temporary band-aid
    fix in the packaging for now just so we can get some builds
    - update debian/build/mozbuild.mk
 
Ricerca personalizzata


Se ti è piaciuto l'articolo , iscriviti al feed cliccando sull'immagine sottostante per tenerti sempre aggiornato sui nuovi contenuti del blog:

, , , ,

Nessun commento:

Posta un commento

Caricamento in corso...

Ultimi post pubblicati

Archivio

Ubuntulandia in Instagram

>center>

Post Più Popolari