Ubuntu Privacy Remix 8.04r1 fixes security issues

2008.12.10
Credit: Ubuntu
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-5393
CWE: CWE-264


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ########################################################### UPR Security Notice UPRSN-08_01 December 04, 2008 several vulnerabilities ########################################################### Ubuntu Privacy Remix (UPR), based on Ubuntu 8.04 (LTS), is a live, read-only CD that seals off your private data from the outside world. It does this using encryption and isolation methods. This method of booting off a read-only CD provides a isolated and unmodifiable system that is exceedingly difficult to compromise by spyware. The following security issues affect the "Ubuntu Privacy Remix" releases prior 8.04_r1. Ubuntu Privacy Remix 8.04_r1 can be downloaded from https://www.privacy-cd.org/ A. UPR-specific - --------------- The UPR-Kernel was able to mount some RAID-Arrays, because the RAID-controllers are identified by the system as a SCSI-controller, even if (S)-ATA-Disks are used. For UPR this is a security issue, because removing the kernels ability of mounting local S-/ATA-Disks is part of the concept to seal off users to assure their privacy. - From the new Kernel we removed support for * all SCSI/IDE/SATA/SAS RAID-controllers * iSCSI HBAs * Fibre Chanel Controllers ... and some more. This solves https://bugs.launchpad.net/bugs/301285 The sources, the UPR-Kernel ist based on, were updated to Ubuntu source-package 2.6.24-22.45 because of security fixes. B. Security Updates adopted from Ubuntu - --------------------------------------- All Ubuntu Security Updates released since the last UPR-release until 20081202 are installed: alacarte base-files dbus dbus-x11 firefox firefox-3.0 firefox-3.0-gnome-support firefox-gnome-support foo2zjs hpijs hplip hplip-data libdbus-1-3 libgnutls13 libsmbclient libxml2 libxml2-utils linux-restricted-modules-common login logrotate module-init-tools openoffice.org-base-core openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-draw openoffice.org-gnome openoffice.org-gtk openoffice.org-impress openoffice.org-java-common openoffice.org-style-human openoffice.org-writer passwd python-apt python-libxml2 python-uno ttf-opensymbol xulrunner-1.9 xulrunner-1.9-gnome-support libvorbis0a libvorbisenc2 libvorbisfile3 - -- - --------- Ubuntu Privacy Remix Project web: www.privacy-cd.org mail: info (at) privacy-cd (dot) org [email concealed] bugreports: https://bugs.launchpad.net/upr signing_key: 1E8E7D6A | Fingerprint: C87A 673C 4EDD F7CC 5C89 4B77 7AC5 2496 1E8E 7D6A communication_key: 85AC2E72 | Fingerprint: 83A9 0DE1 17B1 F74B 8E1A 0353 29E6 DD3E 85AC 2E72 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJN+1fKebdPoWsLnIRAvuLAKCpSlQ1J9xVOsJkmKRY2+F/zBvIMgCfRDYB CQkBk+W9BWQBsURy1EEdGso= =D3oT -----END PGP SIGNATURE-----

References:

https://bugs.launchpad.net/bugs/301285
http://www.securityfocus.com/bid/32629
http://xforce.iss.net/xforce/xfdb/47082
http://www.securityfocus.com/archive/1/archive/1/498905/100/0/threaded


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top