USN-2985-1: GNU C Library vulnerabilities

2016-05-26 KENNETH 0

Ubuntu Security Notice USN-2985-1, 25th May, 2016

eglibc, glibc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Several security issues were fixed in the GNU C Library.

Software description: eglibc – GNU C Library; glibc – GNU C Library

Details: Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation [ more… ]

USN-2950-5: Samba regression

2016-05-26 KENNETH 0

Ubuntu Security Notice USN-2950-5, 25th May, 2016

samba regression

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS

Summary: USN-2950-1 introduced a regression in Samba.

Software description: samba – SMB/CIFS file, print, and login server for Unix

Details: USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem.

Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)

Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to [ more… ]

MS15-JUL – Microsoft Security Bulletin Summary for July 2015 – Version: 3.1

2016-05-26 KENNETH 0

Revision Note: V3.1 (May 25, 2016): For MS15-076, added a Known Issues reference to the Executive Summaries table. For more information, see Microsoft Knowledge Base Article 3067505. For information about the solution for this Known Issue, see Microsoft Knowledge Base Article 3155218.

Summary: This bulletin summary lists security bulletins released for July 2015.

Source: MS15-JUL – Microsoft Security Bulletin Summary for July 2015 – Version: 3.1

RHBA-2016:1127-1: jboss-ec2-eap enhancement update for EAP 6.4.8

2016-05-26 KENNETH 0

Red Hat Enterprise Linux: Updated jboss-ec2-eap packages that add an enhancement are now available for Red Hat JBoss Enterprise Application Platform 6.4.8 on Red Hat Enterprise Linux 6.

Source: RHBA-2016:1127-1: jboss-ec2-eap enhancement update for EAP 6.4.8