SECURITY

USN-3183-1: GnuTLS vulnerabilities Ubuntu Security Notice USN-3183-1 1st February, 2017 gnutls26, gnutls28 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in GnuTLS. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Stefan Buehler discovered that GnuTLS incorrectly verified the seriallength of OCSP responses. A remote attacker could possibly use this issueto bypass certain certificate validation measures. This issue only appliedto Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts.A remote attacker could possibly use this issue to cause GnuTLS to hang,resulting in a denial of service. This issue has only been addressed inUbuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with aProxy [ more… ]

USN-3186-1: iucode-tool vulnerability Ubuntu Security Notice USN-3186-1 1st February, 2017 iucode-tool vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary iucode-tool could be made to crash or run programs if it opened a specially crafted file. Software description iucode-tool – Intel processor microcode tool Details It was discovered that iucode-tool incorrectly handled certain microcodeswhen using the -tr loader. If a user were tricked into processing aspecially crafted microcode, a remote attacker could use this issue tocause iucode-tool to crash, resulting in a denial of service, or possiblyexecute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: iucode-tool 1.6.1-1ubuntu0.1 Ubuntu 16.04 LTS: iucode-tool 1.5.1-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

USN-3185-1: libXpm vulnerability Ubuntu Security Notice USN-3185-1 1st February, 2017 libxpm vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libXpm could be made to crash or run programs if it opened a specially crafted file. Software description libxpm – X11 pixmap library Details It was discovered that libXpm incorrectly handled certain XPM files. If auser or automated system were tricked into opening a specially crafted XPMfile, a remote attacker could use this issue to cause libXpm to crash,resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: libxpm4 1:3.5.11-1ubuntu0.16.10.1 Ubuntu 16.04 LTS: libxpm4 1:3.5.11-1ubuntu0.16.04.1 Ubuntu 14.04 LTS: libxpm4 1:3.5.10-1ubuntu0.1 Ubuntu 12.04 LTS: libxpm4 1:3.5.9-4ubuntu0.1 To [ more… ]

USN-3184-1: Irssi vulnerabilities Ubuntu Security Notice USN-3184-1 1st February, 2017 irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Irssi. Software description irssi – terminal based IRC client Details It was discovered that the Irssi buf.pl script set incorrect permissions. Alocal attacker could use this issue to retrieve another user's windowcontents. (CVE-2016-7553) Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. Aremote attacker could use this issue to cause Irssi to crash, resulting ina denial of service, or possibly execute arbitrary code. (CVE-2017-5193) It was discovered that Irssi incorrectly handled invalid nick messages. Aremote attacker could use this issue to cause Irssi to crash, resulting ina denial of service, or possibly execute arbitrary code. (CVE-2017-5194) Joseph Bisch discovered [ more… ]