SECURITY

USN-2981-1: libarchive vulnerabilities Ubuntu Security Notice USN-2981-1 17th May, 2016 libarchive vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libarchive could be made to crash or run programs if it opened a specially crafted file. Software description libarchive – Library to read/write archive files Details It was discovered that libarchive incorrectly handled certain entry-sizevalues in ZIP archives. A remote attacker could use this issue to causelibarchive to crash, resulting in a denial of service, or possibly executearbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10and Ubuntu 16.04 LTS. (CVE-2016-1541) It was discovered that libarchive incorrectly handled memory whenprocessing certain tar files. A remote attacker could use this issue tocuase libarchive to crash, resulting in a denial of service. (CVE numberpending) Update [ more… ]

USN-2982-1: Libksba vulnerabilities Ubuntu Security Notice USN-2982-1 17th May, 2016 libksba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Libksba could be made to crash or run programs if it decoded specially crafted data. Software description libksba – X.509 and CMS support library Details Hanno Böck discovered that Libksba incorrectly handled decoding certain BERdata. An attacker could use this issue to cause Libksba to crash, resultingin a denial of service. This issue only applied to Ubunt 12.04 LTS andUbuntu 14.04 LTS. (CVE-2016-4353) Hanno Böck discovered that Libksba incorrectly handled decoding certain BERdata. An attacker could use this issue to cause Libksba to crash, resultingin a denial of service, or possibly execute arbitrary code. This issue onlyapplied to Ubunt 12.04 LTS and Ubuntu 14.04 LTS. [ more… ]

USN-2980-1: libndp vulnerability Ubuntu Security Notice USN-2980-1 17th May, 2016 libndp vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Summary libndp could be tricked into accepting an NDP message from outside the local network. Software description libndp – Library for Neighbor Discovery Protocol Details Julien Bernard discovered that libndp incorrectly performed origin checkswhen receiving Neighbor Discovery Protocol (NDP) messages. A remoteattacker outside of the local network could use this issue to advertise anode as a router, causing a denial of service, or possibly to act as a manin the middle. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libndp0 1.4-2ubuntu0.16.04.1 Ubuntu 15.10: libndp0 1.4-2ubuntu0.15.10.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need [ more… ]