SECURITY

USN-3120-1: Memcached vulnerabilities Ubuntu Security Notice USN-3120-1 2nd November, 2016 memcached vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Memcached could be made to crash or run programs if it received specially crafted network traffic. Software description memcached – A high-performance memory object caching system Details Aleksandar Nikolic discovered that Memcached incorrectly handled certainmalformed commands. A remote attacker could use this issue to causeMemcached to crash, resulting in a denial of service, or possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: memcached 1.4.25-2ubuntu2.1 Ubuntu 16.04 LTS: memcached 1.4.25-2ubuntu1.2 Ubuntu 14.04 LTS: memcached 1.4.14-0ubuntu9.1 Ubuntu 12.04 LTS: memcached 1.4.13-0ubuntu2.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard [ more… ]

USN-3113-1: Oxide vulnerabilities Ubuntu Security Notice USN-3113-1 2nd November, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine for Qt (QML plugin) Details It was discovered that a long running unload handler could cause anincognito profile to be reused in some circumstances. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to obtain sensitive information. (CVE-2016-1586) Multiple security vulnerabilities were discovered in Chromium. If a userwere tricked in to opening a specially crafted website, an attacker couldpotentially exploit these to conduct cross-site scripting (XSS) attacks,spoof an application's URL bar, obtain sensitive information, cause adenial of service via application crash, or execute arbitrary code.(CVE-2016-5181, CVE-2016-5182, CVE-2016-5185, [ more… ]