SECURITY

USN-3241-1: audiofile vulnerabilities Ubuntu Security Notice USN-3241-1 22nd March, 2017 audiofile vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary audiofile could be made to crash or run programs if it opened a specially crafted file. Software description audiofile – Open-source version of the SGI audiofile library Details Agostino Sarubbo discovered that audiofile incorrectly handled certainmalformed audio files. If a user or automated system were tricked intoprocessing a specially crafted audio file, a remote attacker could causeapplications linked against audiofile to crash, leading to a denial ofservice, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libaudiofile1 0.3.6-2ubuntu0.14.04.2 Ubuntu 12.04 LTS: libaudiofile1 0.3.3-2ubuntu0.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-3239-2: GNU C Library Regression Ubuntu Security Notice USN-3239-2 21st March, 2017 eglibc, glibc regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-3239-1 introduced a regression in the GNU C Library. Software description eglibc – GNU C Library glibc – GNU C Library Details USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,the fix for CVE-2015-5180 introduced an internal ABI change withinthe resolver library. This update reverts the change. We apologizefor the inconvenience. Please note that long-running services that were restarted to compensatefor the USN-3239-1 update may need to be restarted again. Original advisory details: It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This [ more… ]