SECURITY

Ubuntu Security Notice USN-2875-1 19th January, 2016 libxml2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary libxml2 could be made to crash if it opened a specially crafted file. Software description libxml2 – GNOME XML library Details It was discovered that libxml2 incorrectly handled certain malformeddocuments. If a user or automated system were tricked into opening aspecially crafted document, an attacker could possibly cause libxml2 tocrash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.3 Ubuntu 15.04: libxml2 2.9.2+dfsg1-3ubuntu0.3 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.7 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.14 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your [ more… ]

Ubuntu Security Notice USN-2874-1 19th January, 2016 bind9 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Bind could be made to crash if it received specially crafted network traffic. Software description bind9 – Internet Domain Name Server Details It was discovered that Bind incorrectly handled certain APL data. A remoteattacker could possibly use this issue to cause Bind to crash, resulting ina denial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: bind9 1:9.9.5.dfsg-11ubuntu1.2 Ubuntu 15.04: bind9 1:9.9.5.dfsg-9ubuntu0.5 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.7 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.15 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8704 Source: ubuntu-usn

Ubuntu Security Notice USN-2870-2 19th January, 2016 linux-lts-trusty vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash or run programs as an administrator. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty Details Yevgeny Pats discovered that the session keyring implementation in theLinux kernel did not properly reference count when joining an existingsession keyring. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code withadministrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.13.0-76-generic 3.13.0-76.120~precise1 linux-image-3.13.0-76-generic-lpae 3.13.0-76.120~precise1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to [ more… ]

Ubuntu Security Notice USN-2872-3 19th January, 2016 linux-raspi2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary The system could be made to crash or run programs as an administrator. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Yevgeny Pats discovered that the session keyring implementation in theLinux kernel did not properly reference count when joining an existingsession keyring. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code withadministrative privileges. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: linux-image-4.2.0-1020-raspi2 4.2.0-1020.27 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. ATTENTION: Due to an unavoidable ABI change [ more… ]