USN-3449-1: OpenStack Nova vulnerabilities

2017-10-11 KENNETH 0

USN-3449-1: OpenStack Nova vulnerabilities Ubuntu Security Notice USN-3449-1 11th October, 2017 nova vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenStack Nova. Software description nova – OpenStack Compute cloud infrastructure Details George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280) It was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162) Matthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could [ more… ]

USN-3450-1: Open vSwitch vulnerabilities

2017-10-11 KENNETH 0

USN-3450-1: Open vSwitch vulnerabilities Ubuntu Security Notice USN-3450-1 11th October, 2017 openvswitch vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Summary Several security issues were fixed in Open vSwitch. Software description openvswitch – Ethernet virtual switch Details Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9214) It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9263) It was discovered that Open vSwitch incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu [ more… ]

USN-3451-1: OpenStack Swift vulnerabilities

2017-10-11 KENNETH 0

USN-3451-1: OpenStack Swift vulnerabilities Ubuntu Security Notice USN-3451-1 11th October, 2017 swift vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in OpenStack Swift. Software description swift – OpenStack distributed virtual object store Details It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223) Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2016-0737, CVE-2016-0738) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: swift 1.13.1-0ubuntu1.5 python-swift 1.13.1-0ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]

USN-3452-1: Ceph vulnerabilities

2017-10-11 KENNETH 0

USN-3452-1: Ceph vulnerabilities Ubuntu Security Notice USN-3452-1 11th October, 2017 ceph vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in Ceph. Software description ceph – distributed storage and file system Details It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. (CVE-2016-7031) Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-8626) Yang Liu discovered that Ceph incorrectly handled invalid HTTP Origin headers. A remote attacker [ more… ]

USN-3436-1: Thunderbird vulnerabilities

2017-10-11 KENNETH 0

USN-3436-1: Thunderbird vulnerabilities Ubuntu Security Notice USN-3436-1 11th October, 2017 thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software description thunderbird – Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Update instructions The problem can [ more… ]