SECURITY

USN-3068-1: Libidn vulnerabilities Ubuntu Security Notice USN-3068-1 24th August, 2016 libidn vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Libidn. Software description libidn – implementation of IETF IDN specifications Details Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and NikosMavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8characters. A remote attacker could use this issue to cause Libidn tocrash, resulting in a denial of service, or possibly disclose sensitivememory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.(CVE-2015-2059) Hanno Böck discovered that Libidn incorrectly handled certain input. Aremote attacker could possibly use this issue to cause Libidn to crash,resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262,CVE-2016-6261, CVE-2016-6263) Update instructions The problem can be corrected by updating your system to the [ more… ]

USN-3067-1: HarfBuzz vulnerabilities Ubuntu Security Notice USN-3067-1 24th August, 2016 harfbuzz vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary HarfBuzz could be made to crash or run programs as your login if it processed specially crafted data. Software description harfbuzz – OpenType text shaping engine Details Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. Aremote attacker could use this issue to cause HarfBuzz to crash, resultingin a denial of service, or possibly execute arbitrary code. (CVE-2015-8947) It was discovered that HarfBuzz incorrectly handled certain length checks.A remote attacker could use this issue to cause HarfBuzz to crash,resulting in a denial of service, or possibly execute arbitrary code.This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052) Update instructions The problem can be corrected by updating your system to the following [ more… ]