SECURITY

USN-3227-1: ICU vulnerabilities Ubuntu Security Notice USN-3227-1 13th March, 2017 icu vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in ICU. Software description icu – International Components for Unicode library Details It was discovered that ICU incorrectly handled certain memory operationswhen processing data. If an application using ICU processed crafted data,a remote attacker could possibly cause it to crash or potentially executearbitrary code with the privileges of the user invoking the program. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libicu57 57.1-4ubuntu0.1 Ubuntu 16.04 LTS: libicu55 55.1-7ubuntu0.1 Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.5 Ubuntu 12.04 LTS: libicu48 4.8.1.1-3ubuntu0.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a [ more… ]

USN-3226-1: icoutils vulnerabilities Ubuntu Security Notice USN-3226-1 13th March, 2017 icoutils vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary icoutils could be made to crash or run programs as your login if it opened a specially crafted file. Software description icoutils – Create and extract MS Windows icons and cursors Details Jerzy Kramarz discovered that icoutils incorrectly handled memory whenprocessing certain files. If a user or automated system were tricked intoopening a specially crafted file, an attacker could cause icoutils tocrash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: icoutils 0.29.1-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

USN-3230-1: Pillow vulnerabilities Ubuntu Security Notice USN-3230-1 13th March, 2017 pillow vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Pillow. Software description pillow – Python Imaging Library Details It was discovered that Pillow incorrectly handled certain compressed textchunks in PNG images. A remote attacker could possibly use this issue tocause Pillow to crash, resulting in a denial of service. This issue onlyaffected Ubuntu 14.04 LTS. (CVE-2014-9601) Cris Neckar discovered that Pillow incorrectly handled certain malformedimages. A remote attacker could use this issue to cause Pillow to crash,resulting in a denial of service, or possibly obtain sensitive information.(CVE-2016-9189) Cris Neckar discovered that Pillow incorrectly handled certain malformedimages. A remote attacker could use this issue to cause Pillow to crash,resulting in a denial [ more… ]