
USN-2896-1: Libgcrypt vulnerability

2016-02-16 KENNETH 0

Ubuntu Security Notice USN-2896-1
15th February, 2016

libgcrypt11, libgcrypt20 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary
Libgcrypt could be made to expose sensitive information.

Software description
- libgcrypt11 – LGPL Crypto library
- libgcrypt20 – LGPL Crypto library

Details
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 15.10: libgcrypt20 1.6.3-2ubuntu1.1
- Ubuntu 14.04 LTS: libgcrypt11 1.5.3-2ubuntu4.3
- Ubuntu 12.04 LTS: libgcrypt11 1.5.0-3ubuntu0.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2015-7511

Source: ubuntu-usn


Cisco ASA Software New Vulnerability: Security Update Advisory

2016-02-12 KENNETH 0

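Source: http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=24007

□ Overview
 o Cisco has released a security update that resolves a vulnerability affecting ASA software [1]
 o An attacker could cause damage such as arbitrary code execution and denial of service on affected systems, so updating to the latest version is recommended

□ Description
 o A vulnerability in IKEv1 and IKEv2 of Cisco ASA software that allows arbitrary code execution when crafted UDP packets are processed (CVE-2016-1287)

□ Affected systems
 o Affected products
   – Identify vulnerable products via the 'Affected Products' section listed on the reference site

□ Resolution
 o Operators of Cisco equipment running the vulnerable Cisco software should review the 'Affected Products' and 'Obtaining Fixed Software' sections on the applicable reference site and apply the patch

□ Glossary
 o ASA (Adaptive Security Appliance) software: a network security platform made by Cisco

□ Other inquiries
 o Korea Internet & Security Agency, Internet Incident Response Center: dial 118 (no area code)

[References]
[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike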


USN-2893-1: Firefox vulnerability

2016-02-12 KENNETH 0

Ubuntu Security Notice USN-2893-1
11th February, 2016

firefox vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary
A same-origin-policy bypass was discovered in Firefox.

Software description
- firefox – Mozilla Open Source web browser

Details
Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to bypass same origin restrictions using the Flash plugin. (CVE-2016-1949)

Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 15.10: firefox 44.0.2+build1-0ubuntu0.15.10.1
- Ubuntu 14.04 LTS: firefox 44.0.2+build1-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS: firefox 44.0.2+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Firefox to make all the necessary changes.

References
CVE-2016-1949

Source: ubuntu-usn


USN-2894-1: PostgreSQL vulnerabilities

2016-02-12 KENNETH 0

Ubuntu Security Notice USN-2894-1
11th February, 2016

postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary
PostgreSQL could be made to crash or run programs if it handled specially crafted data.

Software description
- postgresql-9.1 – Object-relational SQL database
- postgresql-9.3 – Object-relational SQL database
- postgresql-9.4 – Object-relational SQL database

Details
It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)

It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766)

Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 15.10: postgresql-9.4 9.4.6-0ubuntu0.15.10
- Ubuntu 14.04 LTS: [ more… ]