Articles by KENNETH

USN-3423-1: Linux kernel vulnerability Ubuntu Security Notice USN-3423-1 18th September, 2017 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash if it received specially crafted bluetooth traffic. Software description linux – Linux kernel Details It was discovered that a buffer overflow existed in the Bluetooth stack ofthe Linux kernel when handling L2CAP configuration responses. A physicallyproximate attacker could use this to cause a denial of service (systemcrash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-powerpc-smp 3.2.0.131.145 linux-image-3.2.0-131-omap 3.2.0-131.177 linux-image-3.2.0-131-powerpc-smp 3.2.0-131.177 linux-image-generic 3.2.0.131.145 linux-image-3.2.0-131-generic-pae 3.2.0-131.177 linux-image-3.2.0-131-highbank 3.2.0-131.177 linux-image-generic-pae 3.2.0.131.145 linux-image-3.2.0-131-virtual 3.2.0-131.177 linux-image-highbank 3.2.0.131.145 linux-image-virtual 3.2.0.131.145 linux-image-powerpc64-smp 3.2.0.131.145 linux-image-3.2.0-131-generic 3.2.0-131.177 linux-image-omap 3.2.0.131.145 linux-image-3.2.0-131-powerpc64-smp 3.2.0-131.177 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]

USN-3424-1: libxml2 vulnerabilities Ubuntu Security Notice USN-3424-1 18th September, 2017 libxml2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libxml2. Software description libxml2 – GNOME XML library Details It was discovered that a type confusion error existed in libxml2. Anattacker could use this to specially construct XML data thatcould cause a denial of service or possibly execute arbitrarycode. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entityreferences. An attacker could use this to specially construct XMLdata that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 whenhandling HTTP redirects. An attacker could use this to speciallyconstruct XML data that could cause a denial of service or possiblyexecute arbitrary code. (CVE-2017-7376) Marcel Böhme [ more… ]

USN-3421-1: Libidn2 vulnerability Ubuntu Security Notice USN-3421-1 18th September, 2017 libidn2-0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Libidn2 could be made to crash if it received specially crafted input. Software description libidn2-0 – Internationalized domain names (IDNA2008) library Details It was discovered that Libidn2 incorrectly handled certain input. Aremote attacker could possibly use this issue to cause Libidn2 to crash,resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libidn2-0 0.16-1ubuntu0.1 idn2 0.16-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-14062 Source: USN-3421-1: Libidn2 vulnerability