Articles by KENNETH

USN-3184-1: Irssi vulnerabilities Ubuntu Security Notice USN-3184-1 1st February, 2017 irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Irssi. Software description irssi – terminal based IRC client Details It was discovered that the Irssi buf.pl script set incorrect permissions. Alocal attacker could use this issue to retrieve another user's windowcontents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. Aremote attacker could use this issue to cause Irssi to crash, resulting ina denial of service, or possibly execute arbitrary code. (CVE-2017-5193) It was discovered that Irssi incorrectly handled invalid nick messages. Aremote attacker could use this issue to cause Irssi to crash, resulting ina denial of service, or possibly execute arbitrary code. (CVE-2017-5194) Joseph Bisch discovered [ more… ]

USN-3185-1: libXpm vulnerability Ubuntu Security Notice USN-3185-1 1st February, 2017 libxpm vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libXpm could be made to crash or run programs if it opened a specially crafted file. Software description libxpm – X11 pixmap library Details It was discovered that libXpm incorrectly handled certain XPM files. If auser or automated system were tricked into opening a specially crafted XPMfile, a remote attacker could use this issue to cause libXpm to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libxpm4 1:3.5.11-1ubuntu0.16.10.1 Ubuntu 16.04 LTS: libxpm4 1:3.5.11-1ubuntu0.16.04.1 Ubuntu 14.04 LTS: libxpm4 1:3.5.10-1ubuntu0.1 Ubuntu 12.04 LTS: libxpm4 1:3.5.9-4ubuntu0.1 To [ more… ]

USN-3186-1: iucode-tool vulnerability Ubuntu Security Notice USN-3186-1 1st February, 2017 iucode-tool vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary iucode-tool could be made to crash or run programs if it opened a specially crafted file. Software description iucode-tool – Intel processor microcode tool Details It was discovered that iucode-tool incorrectly handled certain microcodeswhen using the -tr loader. If a user were tricked into processing aspecially crafted microcode, a remote attacker could use this issue tocause iucode-tool to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: iucode-tool 1.6.1-1ubuntu0.1 Ubuntu 16.04 LTS: iucode-tool 1.5.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-3182-1: NTFS-3G vulnerability Ubuntu Security Notice USN-3182-1 1st February, 2017 ntfs-3g vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary NTFS-3G could be made to load kernel modules as an administrator. Software description ntfs-3g – read/write NTFS driver for FUSE Details Jann Horn discovered that NTFS-3G incorrectly filtered environment variableswhen using the modprobe utility. A local attacker could possibly use this issueto load arbitrary kernel modules. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: ntfs-3g 1:2016.2.22AR.1-3ubuntu0.1 Ubuntu 16.04 LTS: ntfs-3g 1:2015.3.14AR.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-0358 Source: USN-3182-1: NTFS-3G vulnerability