SECURITY

USN-3090-1: Pillow vulnerabilities Ubuntu Security Notice USN-3090-1 27th September, 2016 Pillow vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Pillow could be made to crash if it received specially crafted input or opened a specially crafted file. Software description pillow – Python Imaging Library compatibility layer Details It was discovered that a flaw in processing a compressed text chunk ina PNG image could cause the image to have a large size when decompressed,potentially leading to a denial of service. (CVE-2014-9601) Andrew Drake discovered that Pillow incorrectly validated input. A remoteattacker could use this to cause Pillow to crash, resulting in a denialof service. (CVE-2014-3589) Eric Soroos discovered that Pillow incorrectly handled certain malformedFLI, Tiff, and PhotoCD files. A remote attacker could use this issue tocause Pillow to crash, resulting in a denial [ more… ]

USN-3088-1: Bind vulnerability Ubuntu Security Notice USN-3088-1 27th September, 2016 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled building responses tocertain specially crafted requests. A remote attacker could possibly usethis issue to cause Bind to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.1 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.9 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.17 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-2776 [ more… ]