The vulnerabilities can be plugged by updating the distribution

Dec 8, 2011 15:01 GMT

Ubuntu 11.10, the latest Linux distribution launched by Canonical, has received two important security updates, one for a krb5 vulnerability and the other one for a colord vulnerability.

The krb5 vulnerability affected the Kerberos Key Distribution Center (KDC), which could be made to crash. Simo Sorce discovered a NULL pointer dereference in the KDC that an authenticated remote attacker could use to cause a denial of service (DoS).

The second security vulnerability is in colord, which incorrectly handled certain SQL queries. Because of this, arbitrary sqlite databases could be modified by a local attacker. On the Ubuntu operating system, colord runs by default as its own user, so standard file permissions would limit which databases could be altered.

The problems are easily fixable by updating the system(s) to colord 0.1.12-1ubuntu2.1 and krb5-kdc 1.9.1+dfsg-1ubuntu2.2.
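To confirm the update has landed everywhere, package inventories can be compared against the two fixed versions above. The following is an added example, not code from the article or from Canonical: it implements Debian's version ordering (epoch, upstream, revision, with `~` sorting first) and flags hosts still below the fix. The host names and installed versions are constructed.

```python
import re

# Fixed versions as stated in the article.
FIXED = {"colord": "0.1.12-1ubuntu2.1", "krb5-kdc": "1.9.1+dfsg-1ubuntu2.2"}

def _order(c):
    # dpkg weights: '~' < end of string or digit < letters < other symbols
    if not c or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for i in range(max(len(na), len(nb))):
            wa, wb = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if wa != wb:
                return (wa > wb) - (wa < wb)
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        ia, ib = int(da or 0), int(db or 0)  # an empty digit run counts as 0
        if ia != ib:
            return (ia > ib) - (ia < ib)
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision starts at the last hyphen
    e, up, rev = re.fullmatch(r"(?:(\d+):)?(.+?)(?:-([^-]*))?", version).groups()
    return int(e or 0), up, rev or ""

def compare(a, b):
    """Return -1, 0 or 1: Debian version a is older than, equal to, newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched(inventory):
    """List (host, package, installed) entries older than the fixed version."""
    return [(h, p, v) for h, pkgs in sorted(inventory.items())
            for p, v in sorted(pkgs.items())
            if p in FIXED and compare(v, FIXED[p]) < 0]

# Constructed inventory: hypothetical hosts and installed versions.
INVENTORY = {
    "host-a": {"colord": "0.1.12-1ubuntu2", "krb5-kdc": "1.9.1+dfsg-1ubuntu2.2"},
    "host-b": {"colord": "0.1.12-1ubuntu2.1", "krb5-kdc": "1.9.1+dfsg-1ubuntu2.1"},
}
print(unpatched(INVENTORY))
```

On a single machine, `dpkg --compare-versions` performs the same comparison against the installed package database.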