SECURITY

USN-2941-1: Quagga vulnerabilities Ubuntu Security Notice USN-2941-1 24th March, 2016 quagga vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Quagga could be made to crash or run programs if it received specially crafted network traffic. Software description quagga – BGP/OSPF/RIP routing daemon Details Kostya Kortchinsky discovered that Quagga incorrectly handled certain routedata when configured with BGP peers enabled for VPNv4. A remote attackercould use this issue to cause Quagga to crash, resulting in a denial ofservice, or possibly execute arbitrary code. (CVE-2016-2342) It was discovered that Quagga incorrectly handled messages with a largeLSA when used in certain configurations. A remote attacker could use thisissue to cause Quagga to crash, resulting in a denial of service. Thisissue only affected Ubuntu 12.04 LTS. (CVE-2013-2236) Update instructions The problem can [ more… ]

USN-2939-1: LibTIFF vulnerabilities Ubuntu Security Notice USN-2939-1 23rd March, 2016 tiff vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software description tiff – Tag Image File Format (TIFF) library Details It was discovered that LibTIFF incorrectly handled certain malformedimages. If a user or automated system were tricked into opening a speciallycrafted image, a remote attacker could crash the application, leading to adenial of service, or possibly execute arbitrary code with user privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libtiff5 4.0.3-12.3ubuntu2.1 Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.4 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.9 To update your system, please follow [ more… ]