USN-3271-1: Libxslt vulnerabilities

2017-04-28 KENNETH 0

Ubuntu Security Notice USN-3271-1, 27th April, 2017: libxslt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in Libxslt.

Software description: libxslt – XSLT processing library

Details: Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-5029)

Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)

Sebastian Apelt discovered that a use-after-error existed in [ more… ]

USN-3270-1: NSS vulnerabilities

2017-04-28 KENNETH 0

Ubuntu Security Notice USN-3270-1, 27th April, 2017: nss vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in NSS.

Software description: nss – Network Security Service library

Details: Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. (CVE-2016-2183)

It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5461)

This update refreshes the NSS package to version 3.28.4 which includes the latest CA certificate bundle. [ more… ]

USN-3269-1: MySQL vulnerabilities

2017-04-27 KENNETH 0

Ubuntu Security Notice USN-3269-1, 27th April, 2017: mysql-5.5, mysql-5.7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in MySQL.

Software description: mysql-5.5 – MySQL database; mysql-5.7 – MySQL database

Details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.55 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04 have been updated to MySQL 5.7.18.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-55.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-18.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: mysql-server-5.7 5.7.18-0ubuntu0.17.04.1
Ubuntu 16.10: mysql-server-5.7 [ more… ]

RHBA-2017:1171-1: heketi bug fix update

2017-04-27 KENNETH 0

Red Hat Enterprise Linux: Updated heketi packages are now available for Container Native Storage 3.5.

Source: RHBA-2017:1171-1: heketi bug fix update