SECURITY

USN-3173-2: NVIDIA graphics drivers vulnerability Ubuntu Security Notice USN-3173-2 20th March, 2017 nvidia-graphics-drivers-375 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary NVIDIA graphics drivers could be made to crash under certain conditions. Software description nvidia-graphics-drivers-375 – NVIDIA binary X.Org driver Details USN-3173-1 fixed a vulnerability in nvidia-graphics-drivers-304 andnvidia-graphics-drivers-340. This update provides the corresponding update fornvidia-graphics-drivers-375. Original advisory details: It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: nvidia-367 375.39-0ubuntu0.16.10.1 nvidia-375 375.39-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: nvidia-367 375.39-0ubuntu0.16.04.1 nvidia-375 375.39-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: nvidia-367 375.39-0ubuntu0.14.04.1 nvidia-375 375.39-0ubuntu0.14.04.1 To update your system, [ more… ]

USN-3238-1: Firefox vulnerability Ubuntu Security Notice USN-3238-1 20th March, 2017 firefox vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary An integer overflow was discovered in Firefox. Software description firefox – Mozilla Open Source web browser Details An integer overflow was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this tocause a denial of service via application crash or execute arbitrary code.(CVE-2017-5428) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: firefox 52.0.1+build2-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: firefox 52.0.1+build2-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: firefox 52.0.1+build2-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 52.0.1+build2-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart [ more… ]

USN-3183-2: GnuTLS vulnerability Ubuntu Security Notice USN-3183-2 20th March, 2017 gnutls26 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GnuTLS could be made to hang if it received specially crafted network traffic. Software description gnutls26 – GNU TLS library Details USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu16.10. This update provides the corresponding update for Ubuntu 12.04 LTSand Ubuntu 14.04 LTS. Original advisory details: Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a [ more… ]

USN-3237-1: FreeType vulnerability Ubuntu Security Notice USN-3237-1 20th March, 2017 freetype vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary FreeType could be made to crash or run programs if it opened a specially crafted font file. Software description freetype – FreeType 2 is a font engine library Details It was discovered that FreeType did not correctly handle certain malformedfont files. If a user were tricked into using a specially crafted fontfile, a remote attacker could cause FreeType to crash, resulting in adenial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libfreetype6 2.6.3-3ubuntu1.1 Ubuntu 16.04 LTS: libfreetype6 2.6.1-0.1ubuntu2.1 Ubuntu 14.04 LTS: libfreetype6 2.5.2-1ubuntu2.6 Ubuntu 12.04 LTS: libfreetype6 2.4.8-1ubuntu2.4 [ more… ]