SECURITY

USN-2901-1: xdelta3 vulnerability Ubuntu Security Notice USN-2901-1 17th February, 2016 xdelta3 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Summary xdelta3 could be made to crash or run programs if it opened a specially crafted file. Software description xdelta3 – Diff utility which works with binary files Details It was discovered that xdelta3 incorrectly handled certain files. If a useror automated system were tricked into processing a specially-crafted file,a remote attacker could use this issue to cause xdelta3 to crash, resultingin a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: xdelta3 3.0.8-dfsg-1ubuntu0.15.10.2 Ubuntu 14.04 LTS: xdelta3 3.0.7-dfsg-2ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will [ more… ]

USN-2900-1: GNU C Library vulnerability Ubuntu Security Notice USN-2900-1 16th February, 2016 eglibc, glibc vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GNU C Library could be made to crash or run programs if it received specially crafted network traffic. Software description eglibc – GNU C Library glibc – GNU C Library Details It was discovered that the GNU C Library incorrectly handled receivingresponses while performing DNS resolution. A remote attacker could use thisissue to cause the GNU C Library to crash, resulting in a denial ofservice, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libc6 2.21-0ubuntu4.1 Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7 Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13 To update your system, please [ more… ]

USN-2899-1: LibreOffice vulnerabilities Ubuntu Security Notice USN-2899-1 16th February, 2016 libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. Software description libreoffice – Office productivity suite Details It was discovered that LibreOffice incorrectly handled LWP document files.If a user were tricked into opening a specially crafted LWP document, aremote attacker could cause LibreOffice to crash, and possibly executearbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libreoffice-core 1:5.0.5~rc2-0ubuntu2 Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu4 Ubuntu 12.04 LTS: libreoffice-core 1:3.5.7-0ubuntu10 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart LibreOffice [ more… ]