
USN-3135-1: GStreamer Good Plugins vulnerability

2016-11-23 KENNETH 0

Ubuntu Security Notice USN-3135-1
22nd November, 2016
gst-plugins-good0.10, gst-plugins-good1.0 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: GStreamer could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: gst-plugins-good0.10 – GStreamer plugins; gst-plugins-good1.0 – GStreamer plugins

Details: Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.

Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: gstreamer1.0-plugins-good 1.8.3-1ubuntu1.1 Ubuntu [ more… ]


USN-3134-1: Python vulnerabilities

2016-11-23 KENNETH 0

Ubuntu Security Notice USN-3134-1
22nd November, 2016
python2.7, python3.2, python3.4, python3.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Python.

Software description: python2.7 – An interactive high-level object-oriented language; python3.2 – An interactive high-level object-oriented language; python3.4 – An interactive high-level object-oriented language; python3.5 – An interactive high-level object-oriented language

Details: It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772)

Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to [ more… ]


USN-3132-1: tar vulnerability

2016-11-22 KENNETH 0

Ubuntu Security Notice USN-3132-1
21st November, 2016
tar vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: tar could be made to overwrite files.

Software description: tar – GNU version of the tar archiving utility

Details: Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10: tar 1.29b-1ubuntu0.1
Ubuntu 16.04 LTS: tar 1.28-2.1ubuntu0.1
Ubuntu 14.04 LTS: tar 1.27.1-1ubuntu0.1
Ubuntu 12.04 LTS: tar 1.26-4ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update [ more… ]