[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [UPRSN] Ubuntu Privacy Remix 8.04r3 fixes security issues
- From: Ubuntu Privacy Remix Team <security_notice@xxxxxxxxxxxxxx>
- Date: Mon, 16 Feb 2009 17:48:05 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
###########################################################
UPR Security Notice UPRSN-08_03 January 16, 2009
several vulnerabilities
###########################################################
Ubuntu Privacy Remix (UPR), based on Ubuntu 8.04 (LTS), is a live,
read-only CD that seals off your private data from the outside world to
offer protection against spying measures such as the german
„Bundestrojaner“, with which the German government and federal police
tries to spy on its citizens.
UPR does this using encryption and isolation methods. This method of
booting off a read-only CD provides a isolated and unmodifiable system
that is exceedingly difficult to compromise by spyware.
The following security issues affect the "Ubuntu Privacy Remix" releases
prior 8.04_r3.
Ubuntu Privacy Remix 8.04_r1 can be downloaded from
https://www.privacy-cd.org/
A. UPR-specific
- ---------------
1. New feature to overwrite memory on shutdown which prevents that
remains of the UPR system (e.g. encryption keys) are still readable from
RAM after reboot from a compromised local operating system (see article
“The Problem of „Cold Boot Attacks“” for details:
https://www.privacy-cd.org/index.php?option=com_content&view=article&id=70%3Acold-boot-angriffe&catid=19%3Afeatures&Itemid=35&lang=en).
B. Security Updates adopted from Ubuntu
- ---------------------------------------
All packages with security-fixes in Ubuntu 8.04 until 02/10/2009 have
been updated. Among others the sources, the UPR-Kernel ist based on,
were updated to Ubuntu source-package 2.6.24-23.
See the complete changelog (new functions and features, bugfixes) here:
https://www.privacy-cd.org/index.php?option=com_content&view=article&id=66&Itemid=89&lang=en
- --
- ---------
Ubuntu Privacy Remix Project
web: www.privacy-cd.org
mail: info@xxxxxxxxxxxxxx
bugreports: https://bugs.launchpad.net/upr
signing_key: 1E8E7D6A | Fingerprint: C87A 673C 4EDD F7CC 5C89 4B77
7AC5
2496 1E8E 7D6A
communication_key: 85AC2E72 | Fingerprint: 83A9 0DE1 17B1 F74B 8E1A 0353
29E6 DD3E 85AC 2E72
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJmZjFKebdPoWsLnIRAh7OAJ91I9Jn6JR2cyd9hjTrle39KQZfKwCfS1HK
UC57Ng1Pyr1YvAY5D3uznJY=
=4rFP
-----END PGP SIGNATURE-----