SECURITY

USN-2958-1: poppler vulnerabilities Ubuntu Security Notice USN-2958-1 2nd May, 2016 poppler vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary poppler could be made to crash or run programs if it opened a specially crafted file. Software description poppler – PDF rendering library Details It was discovered that the poppler pdfseparate tool incorrectly handledcertain filenames. A local attacker could use this issue to cause the toolto crash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only applied to Ubuntu 12.04 LTS. (CVE-2013-4473,CVE-2013-4474) It was discovered that poppler incorrectly parsed certain malformed PDFdocuments. If a user or automated system were tricked into opening acrafted PDF file, an attacker could cause a denial of service or possiblyexecute arbitrary code with privileges of the user invoking the [ more… ]

USN-2957-1: Libtasn1 vulnerability Ubuntu Security Notice USN-2957-1 2nd May, 2016 libtasn1-3, libtasn1-6 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Libtasn1 could be made to hang if it processed specially crafted data. Software description libtasn1-3 – Library to manage ASN.1 structures libtasn1-6 – Library to manage ASN.1 structures Details Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handledcertain malformed DER certificates. A remote attacker could possibly usethis issue to cause applications using Libtasn1 to hang, resulting in adenial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libtasn1-6 4.5-2ubuntu0.1 Ubuntu 14.04 LTS: libtasn1-6 3.4-3ubuntu0.4 Ubuntu 12.04 LTS: libtasn1-3 2.10-1ubuntu1.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]