SECURITY

USN-3135-2: GStreamer Good Plugins vulnerability Ubuntu Security Notice USN-3135-2 28th November, 2016 gst-plugins-good0.10, gst-plugins-good1.0 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GStreamer could be made to crash or run programs as your login if it opened a specially crafted file. Software description gst-plugins-good0.10 – GStreamer plugins gst-plugins-good1.0 – GStreamer plugins Details USN-3135-1 fixed a vulnerability in GStreamer Good Plugins. The originalsecurity fix was incomplete. This update fixes the problem. Original advisory details: Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the [ more… ]

USN-3137-1: MoinMoin vulnerabilities Ubuntu Security Notice USN-3137-1 23rd November, 2016 moin vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in MoinMoin. Software description moin – Collaborative hypertext environment Details It was discovered that MoinMoin did not properly sanitize certain inputs,resulting in cross-site scripting (XSS) vulnerabilities. With cross-sitescripting vulnerabilities, if a user were tricked into viewing serveroutput during a crafted server request, a remote attacker could exploitthis to modify the contents, or steal confidential data, within the samedomain. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: python-moinmoin 1.9.8-1ubuntu1.16.10.1 Ubuntu 16.04 LTS: python-moinmoin 1.9.8-1ubuntu1.16.04.1 Ubuntu 14.04 LTS: python-moinmoin 1.9.7-1ubuntu2.1 Ubuntu 12.04 LTS: python-moinmoin 1.9.3-1ubuntu2.3 To update your system, please follow these [ more… ]

USN-3136-1: LXC vulnerability Ubuntu Security Notice USN-3136-1 23rd November, 2016 lxc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary LXC could be made to allow containers to access to the host filesystem. Software description lxc – Linux Containers userspace tools Details Roman Fiedler discovered a directory traversal flaw in lxc-attach. Anattacker with access to an LXC container could exploit this flaw to accessfiles outside of the container. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: lxc1 2.0.5-0ubuntu1.2 liblxc1 2.0.5-0ubuntu1.2 Ubuntu 16.04 LTS: lxc1 2.0.5-0ubuntu1~ubuntu16.04.3 liblxc1 2.0.5-0ubuntu1~ubuntu16.04.3 Ubuntu 14.04 LTS: lxc 1.0.8-0ubuntu0.4 liblxc1 1.0.8-0ubuntu0.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-8649 Source: [ more… ]