SECURITY

USN-2950-3: Samba regressions Ubuntu Security Notice USN-2950-3 4th May, 2016 samba regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-2950-1 introduced regressions in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 inUbuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regressionfixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Original advisory details: Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections [ more… ]

USN-2959-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-2959-1 3rd May, 2016 openssl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenSSL. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSLincorrectly handled memory when decoding ASN.1 structures. A remoteattacker could use this issue to cause OpenSSL to crash, resulting in adenial of service, or possibly execute arbitrary code. (CVE-2016-2108) Juraj Somorovsky discovered that OpenSSL incorrectly performed padding whenthe connection uses the AES CBC cipher and the server supports AES-NI. Aremote attacker could possibly use this issue to perform a padding oracleattack and decrypt traffic. (CVE-2016-2107) Guido Vranken discovered that OpenSSL incorrectly handled large amounts ofinput data [ more… ]