USN-3158-1: Samba vulnerabilities

2016-12-20 KENNETH 0

Ubuntu Security Notice USN-3158-1
19th December, 2016

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Samba.

Software description

samba – SMB/CIFS file, print, and login server for Unix

Details

Frederic Besler and others discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123)

Simo Sorce discovered that Samba clients always requested a forwardable ticket when using Kerberos authentication. An attacker could use this to impersonate an authenticated user or service. (CVE-2016-2125)

Volker Lendecke discovered that Kerberos PAC validation implementation in Samba contained multiple vulnerabilities. An authenticated attacker could use this to cause a denial of service or [ more… ]

USN-3156-2: APT regression

2016-12-17 KENNETH 0

Ubuntu Security Notice USN-3156-2
16th December, 2016

apt regression

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.10

Summary

USN-3156-1 introduced a regression in unattended-upgrades that may require manual intervention to repair.

Software description

apt – Advanced front-end for dpkg

Details

USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades that may require manual intervention to repair. Users on Ubuntu 16.10 should run the following commands at a terminal:

    sudo dpkg --configure --pending
    sudo apt-get -f install

This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

Update instructions

The problem can be corrected by updating your system to [ more… ]

RHBA-2016:2955-1: openvswitch bug fix update

2016-12-16 KENNETH 0

Red Hat Enterprise Linux: Updated openvswitch packages are now available for Red Hat OpenStack Platform for Red Hat Enterprise Linux 7.3.

Source: RHBA-2016:2955-1: openvswitch bug fix update