SECURITY

USN-3246-1: Eject vulnerability Ubuntu Security Notice USN-3246-1 27th March, 2017 eject vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Eject could be made to run programs as an administrator. Software description eject – ejects CDs and operates CD-Changers under Linux Details Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuidand setgid return values. A local attacker could use this issue to execute codeas an administrator. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 Ubuntu 16.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 Ubuntu 14.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 Ubuntu 12.04 LTS: eject 2.1.5+deb1+cvs20081104-9ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-6964 Source: [ more… ]

USN-3245-1: GStreamer Good Plugins vulnerabilities Ubuntu Security Notice USN-3245-1 27th March, 2017 gst-plugins-good0.10, gst-plugins-good1.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GStreamer Good Plugins could be made to crash if it opened a specially crafted file. Software description gst-plugins-good0.10 – GStreamer plugins gst-plugins-good1.0 – GStreamer plugins Details Hanno Böck discovered that GStreamer Good Plugins did not correctly handlecertain malformed media files. If a user were tricked into opening acrafted media file with a GStreamer application, an attacker could cause adenial of service via application crash. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: gstreamer1.0-plugins-good 1.8.3-1ubuntu1.3 Ubuntu 16.04 LTS: gstreamer1.0-plugins-good 1.8.3-1ubuntu0.4 Ubuntu 14.04 LTS: gstreamer0.10-plugins-good 0.10.31-3+nmu1ubuntu5.3 gstreamer1.0-plugins-good 1.2.4-1~ubuntu1.4 Ubuntu 12.04 LTS: gstreamer0.10-plugins-good 0.10.31-1ubuntu1.5 To [ more… ]

USN-3244-1: GStreamer Base Plugins vulnerabilities Ubuntu Security Notice USN-3244-1 27th March, 2017 gst-plugins-base0.10, gst-plugins-base1.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GStreamer Base Plugins could be made to crash if it opened a specially crafted file. Software description gst-plugins-base0.10 – GStreamer Plugins gst-plugins-base1.0 – GStreamer Plugins Details Hanno Böck discovered that GStreamer Base Plugins did not correctly handlecertain malformed media files. If a user were tricked into opening acrafted media file with a GStreamer application, an attacker could cause adenial of service via application crash. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: gstreamer1.0-plugins-base 1.8.3-1ubuntu1.1 Ubuntu 16.04 LTS: gstreamer1.0-plugins-base 1.8.3-1ubuntu0.2 Ubuntu 14.04 LTS: gstreamer1.0-plugins-base 1.2.4-1~ubuntu2.1 gstreamer0.10-plugins-base 0.10.36-1.1ubuntu2.1 Ubuntu 12.04 LTS: gstreamer0.10-plugins-base 0.10.36-1ubuntu0.2 To [ more… ]