SECURITY

USN-3532-1: GDK-PixBuf vulnerabilities Ubuntu Security Notice USN-3532-1 15th January, 2018 gdk-pixbuf vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in GDK-PixBuf. Software description gdk-pixbuf – GDK Pixbuf library Details It was discoreved that GDK-PixBuf incorrectly handled certain gif images.An attacker could use this to execute arbitrary code. This issue only affectedUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-1000422) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images.An attacker could use this to cause a denial of service.(CVE-2017-6312, CVE-2017-6313) Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled large TIFF files.An attacker could use this to cause a denial of service. (CVE-2017-6314) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libgdk-pixbuf2.0-0 2.36.11-1ubuntu0.1 Ubuntu 16.04 LTS: [ more… ]

USN-3531-1: Intel Microcode update Ubuntu Security Notice USN-3531-1 11th January, 2018 intel-microcode update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary The system could be made to expose sensitive information. Software description intel-microcode – Processor microcode for Intel CPUs Details It was discovered that microprocessors utilizing speculative executionand branch prediction may allow unauthorized memory reads via sidechannelattacks. This flaw is known as Spectre. A local attacker could use this toexpose sensitive information, including kernel memory. (CVE-2017-5715) This update provides the microcode updates required for the correspondingLinux kernel updates. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: intel-microcode 3.20180108.0~ubuntu17.10.1 Ubuntu 17.04: intel-microcode 3.20180108.0~ubuntu17.04.1 Ubuntu 16.04 LTS: intel-microcode 3.20180108.0~ubuntu16.04.2 Ubuntu 14.04 LTS: intel-microcode 3.20180108.0~ubuntu14.04.2 To update your system, [ more… ]

USN-3530-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3530-1 11th January, 2018 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Summary WebKitGTK+ could be made to expose sensitive information. Software description webkit2gtk – Web content engine library for GTK+ Details It was discovered that speculative execution performed by modern CPUscould leak information through a timing side-channel attack, and thatthis could be exploited in web browser JavaScript engines. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to obtain sensitive information from otherdomains, bypassing same-origin restrictions. (CVE-2017-5753, CVE-2017-5715) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libwebkit2gtk-4.0-37 2.18.5-0ubuntu0.17.10.1 libjavascriptcoregtk-4.0-18 2.18.5-0ubuntu0.17.10.1 Ubuntu 17.04: libwebkit2gtk-4.0-37 2.18.5-0ubuntu0.17.04.1 libjavascriptcoregtk-4.0-18 2.18.5-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.18.5-0ubuntu0.16.04.1 libjavascriptcoregtk-4.0-18 2.18.5-0ubuntu0.16.04.1 To [ more… ]