-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
###########################################################
UPR Security Notice UPRSN-08_01 December 04, 2008
several vulnerabilities
###########################################################
Ubuntu Privacy Remix (UPR), based on Ubuntu 8.04 (LTS), is a live,
read-only CD that seals off your private data from the outside world. It
does this using encryption and isolation methods. This method of booting
off a read-only CD provides a isolated and unmodifiable system that is
exceedingly difficult to compromise by spyware.
The following security issues affect the "Ubuntu Privacy Remix" releases
prior 8.04_r1.
Ubuntu Privacy Remix 8.04_r1 can be downloaded from
https://www.privacy-cd.org/
A. UPR-specific
- ---------------
The UPR-Kernel was able to mount some RAID-Arrays, because the
RAID-controllers are identified by the system as a SCSI-controller, even
if (S)-ATA-Disks are used. For UPR this is a security issue, because
removing the kernels ability of mounting local S-/ATA-Disks is part of
the concept to seal off users to assure their privacy.
- From the new Kernel we removed support for
* all SCSI/IDE/SATA/SAS RAID-controllers
* iSCSI HBAs
* Fibre Chanel Controllers
... and some more.
This solves https://bugs.launchpad.net/bugs/301285
The sources, the UPR-Kernel ist based on, were updated to Ubuntu
source-package 2.6.24-22.45 because of security fixes.
B. Security Updates adopted from Ubuntu
- ---------------------------------------
All Ubuntu Security Updates released since the last UPR-release until
20081202 are installed:
alacarte base-files dbus dbus-x11 firefox firefox-3.0
firefox-3.0-gnome-support firefox-gnome-support foo2zjs hpijs hplip
hplip-data libdbus-1-3 libgnutls13 libsmbclient libxml2 libxml2-utils
linux-restricted-modules-common login logrotate module-init-tools
openoffice.org-base-core openoffice.org-calc openoffice.org-common
openoffice.org-core openoffice.org-draw openoffice.org-gnome
openoffice.org-gtk openoffice.org-impress openoffice.org-java-common
openoffice.org-style-human openoffice.org-writer passwd python-apt
python-libxml2 python-uno ttf-opensymbol xulrunner-1.9
xulrunner-1.9-gnome-support libvorbis0a libvorbisenc2 libvorbisfile3
- --
- ---------
Ubuntu Privacy Remix Project
web: www.privacy-cd.org
mail: info (at) privacy-cd (dot) org [email concealed]
bugreports: https://bugs.launchpad.net/upr
signing_key: 1E8E7D6A | Fingerprint: C87A 673C 4EDD F7CC 5C89 4B77 7AC5
2496 1E8E 7D6A
communication_key: 85AC2E72 | Fingerprint: 83A9 0DE1 17B1 F74B 8E1A 0353
29E6 DD3E 85AC 2E72
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJN+1fKebdPoWsLnIRAvuLAKCpSlQ1J9xVOsJkmKRY2+F/zBvIMgCfRDYB
CQkBk+W9BWQBsURy1EEdGso=
=D3oT
-----END PGP SIGNATURE-----