USN-3131-1: ImageMagick vulnerabilities

2016-11-22 KENNETH 0

Ubuntu Security Notice USN-3131-1
21st November, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
Several security issues were fixed in ImageMagick.

Software description
imagemagick – Image manipulation programs and library

Details
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Update instructions
The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.1
imagemagick 8:6.8.9.9-7ubuntu8.1
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.1
imagemagick-6.q16 8:6.8.9.9-7ubuntu8.1
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.1

Ubuntu 16.04 LTS:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.2
imagemagick 8:6.8.9.9-7ubuntu5.2
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.2
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.2
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.2

[ more… ]

RHSA-2016:2809-1: Important: ipsilon security update

2016-11-21 KENNETH 0

Red Hat Enterprise Linux: An update for ipsilon is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2016-8638

Source: RHSA-2016:2809-1: Important: ipsilon security update

USN-3124-1: Firefox vulnerabilities

2016-11-19 KENNETH 0

Ubuntu Security Notice USN-3124-1
18th November, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary
Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description
firefox – Mozilla Open Source web browser

Details
Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)

A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially [ more… ]

USN-3130-1: OpenJDK 7 vulnerabilities

2016-11-18 KENNETH 0

Ubuntu Security Notice USN-3130-1
17th November, 2016

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS

Summary
Several security issues were fixed in XXX-APP-XXX.

Software description
openjdk-7 – Open Source Java implementation

Details
It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. (CVE-2016-5542)

It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. (CVE-2016-5554)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could use this to send debugging commands to a Java application with debugging enabled. (CVE-2016-5573)

It was discovered that [ more… ]

RHSA-2016:2807-1: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7

2016-11-18 KENNETH 0

Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092

Source: RHSA-2016:2807-1: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7