SECURITY

USN-3229-1: Python Imaging Library vulnerabilities Ubuntu Security Notice USN-3229-1 13th March, 2017 python-imaging vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Python Imaging Library. Software description python-imaging – Python Imaging Library Details It was discovered that the Python Imaging Library incorrectly handledcertain compressed text chunks in PNG images. A remote attacker couldpossibly use this issue to cause the Python Imaging Library to crash,resulting in a denial of service. (CVE-2014-9601) Cris Neckar discovered that the Python Imaging Library incorrectly handledcertain malformed images. A remote attacker could use this issue to causethe Python Imaging Library to crash, resulting in a denial of service, orpossibly obtain sensitive information. (CVE-2016-9189) Cris Neckar discovered that the Python Imaging Library incorrectly handledcertain malformed images. A remote attacker could use this issue [ more… ]

USN-3228-1: libevent vulnerabilities Ubuntu Security Notice USN-3228-1 13th March, 2017 libevent vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in libevent. Software description libevent – Asynchronous event notification library Details Guido Vranken discovered that libevent incorrectly handled memory whenprocessing certain data. A remote attacker could possibly use this issuewith an application that uses libevent to cause a denial of service, orpossibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libevent-2.0-5 2.0.21-stable-2ubuntu0.16.10.1 Ubuntu 16.04 LTS: libevent-2.0-5 2.0.21-stable-2ubuntu0.16.04.1 Ubuntu 14.04 LTS: libevent-2.0-5 2.0.21-stable-1ubuntu1.14.04.2 Ubuntu 12.04 LTS: libevent-2.0-5 2.0.16-stable-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary [ more… ]

USN-3225-1: libarchive vulnerabilities Ubuntu Security Notice USN-3225-1 9th March, 2017 libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libarchive could be made to crash, overwrite files, or run programs as your login if it opened a specially crafted file. Software description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled hardlink entries whenextracting archives. A remote attacker could possibly use this issue tooverwrite arbitrary files. (CVE-2016-5418) Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered thatlibarchive incorrectly handled filename lengths when writing ISO9660archives. A remote attacker could use this issue to cause libarchive tocrash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS andUbuntu 16.04 LTS. [ more… ]