SECURITY

USN-3198-1: OpenJDK 6 vulnerabilities Ubuntu Security Notice USN-3198-1 15th February, 2017 openjdk-6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenJDK 6. Software description openjdk-6 – Open Source Java implementation Details Karthik Bhargavan and Gaetan Leurent discovered that the DES andTriple DES ciphers were vulnerable to birthday attacks. A remoteattacker could possibly use this flaw to obtain clear text data fromlong encrypted sessions. This update moves those algorithms to thelegacy algorithm set and causes them to be used only if no non-legacyalgorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures usingnon-canonical DER encoding. An attacker could use this to modify orexpose sensitive data. (CVE-2016-5546) It was discovered that covert timing channel vulnerabilities existedin the DSA implementations in OpenJDK. A remote attacker could [ more… ]

USN-3197-1: libgc vulnerability Ubuntu Security Notice USN-3197-1 15th February, 2017 libgc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Applications using libgc could be made to crash or run programs as your login. Software description libgc – Boehm-Demers-Weiser garbage collecting storage allocator library Details Kuang-che Wu discovered that multiple integer overflow vulnerabilitiesexisted in libgc. An attacker could use these to cause a denial ofservice (application crash) or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libgc1c2 1:7.4.2-8ubuntu0.1 Ubuntu 16.04 LTS: libgc1c2 1:7.4.2-7.3ubuntu0.1 Ubuntu 14.04 LTS: libgc1c2 1:7.2d-5ubuntu2.1 Ubuntu 12.04 LTS: libgc1c2 1:7.1-8ubuntu0.12.04.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart [ more… ]