Ubuntu has fixed a pile of security vulnerabilities in some of its current releases, including 22 vulnerabilities in the WebKit framework that’s part of the operating system. The WebKit flaws include some issues that could be exploited by remote attackers to run code on vulnerable machines.
The security vulnerabilities in WebKit affect Ubuntu 10.10 and 10.04 LTS. The company recommends that users running those vulnerable versions of the OS upgrade to new versions of the vulnerable packages.
“A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution,” the Ubuntu advisory says.
There also is a locally exploitable vulnerability in some versions of Ubuntu related to the way that the eCryptfs utility handles permissions in some cases. That flaw could be used to cause a denial of service on the machine, but only by a local attacker, the Ubuntu advisory says.
“It was discovered that eCryptfs incorrectly handled permissions when modifying the mtab file. A local attacker could use this flaw to manipulate the mtab file, and possibly unmount arbitrary locations, leading to a denial of service,” the advisory says.
