
USN-3310-1: lintian vulnerability

2017-06-07 KENNETH 0

Ubuntu Security Notice USN-3310-1, 6th June, 2017: lintian vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS.

Summary: lintian could be made to run programs if it processed a specially crafted package.

Software description: lintian – Debian package checker

Details: Jakub Wilk discovered that lintian incorrectly handled deserializing certain YAML files. If a user or automated system were tricked into running lintian on a specially crafted package, a remote attacker could possibly use this issue to execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: lintian 2.5.50.1ubuntu0.1
Ubuntu 16.10: lintian 2.5.48ubuntu0.1
Ubuntu 16.04 LTS: lintian 2.5.43ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References [ more… ]


RHSA-2017:1395-1: Important: libntirpc security update

2017-06-06 KENNETH 0

RHSA-2017:1395-1: Important: libntirpc security update Red Hat Enterprise Linux: An update for libntirpc is now available for Red Hat Gluster Storage 3.2 for RHEL 6 and Red Hat Gluster Storage 3.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-8779 Source: RHSA-2017:1395-1: Important: libntirpc security update


USN-3309-1: Libtasn1 vulnerability

2017-06-06 KENNETH 0

Ubuntu Security Notice USN-3309-1, 5th June, 2017: libtasn1-6 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: libtasn1-6 – Library to manage ASN.1 structures

Details: Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: libtasn1-6 4.10-1ubuntu0.1
Ubuntu 16.10: libtasn1-6 4.9-4ubuntu0.1
Ubuntu 16.04 LTS: libtasn1-6 4.7-3ubuntu0.16.04.2
Ubuntu 14.04 LTS: libtasn1-6 3.4-3ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]


USN-3308-1: Puppet vulnerabilities

2017-06-06 KENNETH 0

Ubuntu Security Notice USN-3308-1, 5th June, 2017: puppet vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in Puppet.

Software description: puppet – Centralized configuration management

Details: Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. (CVE-2014-3248)

It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute arbitrary code on the master. This update is incompatible with agents older than 3.2.2. (CVE-2017-2295)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS: puppet-common 3.4.3-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2014-3248, CVE-2017-2295

Source: [ more… ]


RHEA-2017:1393-1: ca-certificates enhancement update

2017-06-06 KENNETH 0

RHEA-2017:1393-1: ca-certificates enhancement update Red Hat Enterprise Linux: An updated ca-certificates package that adds one enhancement is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Source: RHEA-2017:1393-1: ca-certificates enhancement update