SECURITY

USN-3101-1: Tracker vulnerability Ubuntu Security Notice USN-3101-1 12th October, 2016 tracker vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Tracker could be made to crash if it opened a specially crafted file. Software description tracker – metadata database, indexer and search tool Details It was discovered that Tracker incorrectly handled certain malformed GIFimages. If a user or automated system were tricked into downloading aspecially-crafted GIF image, Tracker could crash, resulting in a denial ofservice. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: tracker-extract 1.6.2-0ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart your session to makeall the necessary changes. References LP: 1178402 Source: USN-3101-1: Tracker vulnerability

USN-3100-1: KDE-PIM Libraries vulnerability Ubuntu Security Notice USN-3100-1 12th October, 2016 kdepimlibs vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary KMail could be made to run HTML if it opened a specially crafted email. Software description kdepimlibs – the KDE PIM libraries Details Roland Tapken discovered that the KDE-PIM Libraries incorrectly filteredURLs. A remote attacker could use this issue to perform an HTML injectionattack in the KMail plain text viewer. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libkpimutils4 4:4.8.5-0ubuntu0.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart KMail to make all thenecessary changes. References CVE-2016-7966 Source: USN-3100-1: KDE-PIM Libraries vulnerability