[UPRSN] Ubuntu Privacy Remix 8.04r1 fixes security issues

[Ubuntu Privacy Remix Team <security_notice () privacy-cd org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

###########################################################

UPR Security Notice UPRSN-08_01           December 04, 2008
several vulnerabilities

###########################################################

Ubuntu Privacy Remix (UPR), based on Ubuntu 8.04 (LTS), is a live,
read-only CD that seals off your private data from the outside world. It
does this using encryption and isolation methods. This method of booting
off a read-only CD provides a isolated and unmodifiable system that is
exceedingly difficult to compromise by spyware.
The following security issues affect the "Ubuntu Privacy Remix" releases
prior 8.04_r1.

Ubuntu Privacy Remix 8.04_r1 can be downloaded from
https://www.privacy-cd.org/

A. UPR-specific
- ---------------
The UPR-Kernel was able to mount some RAID-Arrays, because the
RAID-controllers are identified by the system as a SCSI-controller, even
if (S)-ATA-Disks are used. For UPR this is a security issue, because
removing the kernels ability of mounting local S-/ATA-Disks is part of
the concept to seal off users to assure their privacy.
- From the new Kernel we removed support for
* all SCSI/IDE/SATA/SAS RAID-controllers
* iSCSI HBAs
* Fibre Chanel Controllers
... and some more.

This solves https://bugs.launchpad.net/bugs/301285

The sources, the UPR-Kernel ist based on, were updated to Ubuntu
source-package 2.6.24-22.45 because of security fixes.



B. Security Updates adopted from Ubuntu
- ---------------------------------------
All Ubuntu Security Updates released since the last UPR-release until
20081202 are installed:

alacarte base-files dbus dbus-x11 firefox firefox-3.0
  firefox-3.0-gnome-support firefox-gnome-support foo2zjs hpijs hplip
  hplip-data libdbus-1-3 libgnutls13 libsmbclient libxml2 libxml2-utils
  linux-restricted-modules-common login logrotate module-init-tools
  openoffice.org-base-core openoffice.org-calc openoffice.org-common
  openoffice.org-core openoffice.org-draw openoffice.org-gnome
  openoffice.org-gtk openoffice.org-impress openoffice.org-java-common
  openoffice.org-style-human openoffice.org-writer passwd python-apt
  python-libxml2 python-uno ttf-opensymbol xulrunner-1.9
  xulrunner-1.9-gnome-support libvorbis0a libvorbisenc2 libvorbisfile3




- --

- ---------
Ubuntu Privacy Remix Project
web:                    www.privacy-cd.org
mail:                   info () privacy-cd org
bugreports:             https://bugs.launchpad.net/upr
signing_key:            1E8E7D6A | Fingerprint: C87A 673C 4EDD F7CC 5C89 4B77 7AC5
2496 1E8E 7D6A
communication_key:      85AC2E72 | Fingerprint: 83A9 0DE1 17B1 F74B 8E1A 0353
29E6 DD3E 85AC 2E72

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJN+1fKebdPoWsLnIRAvuLAKCpSlQ1J9xVOsJkmKRY2+F/zBvIMgCfRDYB
CQkBk+W9BWQBsURy1EEdGso=
=D3oT
-----END PGP SIGNATURE-----