SECURITY

USN-3274-1: ICU vulnerabilities Ubuntu Security Notice USN-3274-1 2nd May, 2017 icu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in ICU. Software description icu – International Components for Unicode library Details It was discovered that ICU incorrectly handled certain memory operationswhen processing data. If an application using ICU processed crafted data,a remote attacker could possibly cause it to crash or potentially executearbitrary code with the privileges of the user invoking the program. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libicu57 57.1-5ubuntu0.1 Ubuntu 16.10: libicu57 57.1-4ubuntu0.2 Ubuntu 16.04 LTS: libicu55 55.1-7ubuntu0.2 Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

USN-3273-1: LibreOffice vulnerabilities Ubuntu Security Notice USN-3273-1 2nd May, 2017 libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LibreOffice could be made to crash or run programs as your login if it opened a specially crafted EMF file. Software description libreoffice – Office productivity suite Details It was discovered that LibreOffice incorrectly handled EMF image files.If a user were tricked into opening a specially crafted EMF image file, aremote attacker could cause LibreOffice to crash, and possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libreoffice-core 1:5.2.2-0ubuntu2.1 Ubuntu 16.04 LTS: libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial2 Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu5.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to [ more… ]

USN-3272-1: Ghostscript vulnerabilities Ubuntu Security Notice USN-3272-1 28th April, 2017 ghostscript vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Ghostscript. Software description ghostscript – PostScript and PDF interpreter Details It was discovered that Ghostscript improperly handled parameters tothe rsdparams and eqproc commands. An attacker could use these tocraft a malicious document that could disable -dSAFER protections,thereby allowing the execution of arbitrary code, or cause a denialof service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in thecolor management module of Ghostscript. An attacker could use thisto cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scanconversion code in Ghostscript. An attacker could use this to causea denial of [ more… ]