SECURITY

Ubuntu Security Notice USN-2857-2 5th January, 2016 linux-lts-vivid vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to run programs as an administrator. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectlyhandled setattr operations. A local unprivileged attacker could use this tocreate files with administrative permission attributes and executearbitrary code with elevated privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-3.19.0-43-powerpc64-emb 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-lowlatency 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-powerpc64-smp 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-generic-lpae 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-powerpc-smp 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-generic 3.19.0-43.49~14.04.1 linux-image-3.19.0-43-powerpc-e500mc 3.19.0-43.49~14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable [ more… ]

Ubuntu Security Notice USN-2857-1 5th January, 2016 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Summary The system could be made to run programs as an administrator. Software description linux – Linux kernel Details Nathan Williams discovered that overlayfs in the Linux kernel incorrectlyhandled setattr operations. A local unprivileged attacker could use this tocreate files with administrative permission attributes and executearbitrary code with elevated privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.04: linux-image-3.19.0-43-generic 3.19.0-43.49 linux-image-3.19.0-43-lowlatency 3.19.0-43.49 linux-image-3.19.0-43-powerpc64-smp 3.19.0-43.49 linux-image-3.19.0-43-generic-lpae 3.19.0-43.49 linux-image-3.19.0-43-powerpc64-emb 3.19.0-43.49 linux-image-3.19.0-43-powerpc-smp 3.19.0-43.49 linux-image-3.19.0-43-powerpc-e500mc 3.19.0-43.49 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen [ more… ]

Ubuntu Security Notice USN-2856-1 5th January, 2016 ldb vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in ldb. Software description ldb – LDAP-like embedded database Details Thilo Uttendorfer discovered that the ldb incorrectly handled certain zerovalues. A remote attacker could use this issue to cause applications usingldb, such as Samba, to stop responding, resulting in a denial of service.(CVE-2015-3223) Douglas Bagnall discovered that ldb incorrectly handled certain stringlengths. A remote attacker could use this issue to possibly accesssensitive information from memory of applications using ldb, such as Samba.(CVE-2015-5330) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libldb1 2:1.1.20-2ubuntu0.1 Ubuntu 15.04: libldb1 1:1.1.18-1ubuntu0.1 Ubuntu 14.04 LTS: libldb1 1:1.1.16-1ubuntu0.1 Ubuntu 12.04 LTS: [ more… ]

Ubuntu Security Notice USN-2855-1 5th January, 2016 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handledcertain packets. A remote attacker could use this issue to cause the LDAPserver to stop responding, resulting in a denial of service. This issueonly affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10.(CVE-2015-3223) Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. Aremote attacker could use this issue to access files outside the exportedshare path. (CVE-2015-5252) Stefan Metzmacher discovered that Samba did not enforce signing whencreating encrypted connections. If a remote attacker were able to perform aman-in-the-middle attack, this flaw [ more… ]