SECURITY

USN-3382-2: PHP vulnerabilities Ubuntu Security Notice USN-3382-2 18th December, 2017 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in PHP. Software description php5 – HTML-embedded scripting language interpreter Details USN-3382-1 fixed several vulnerabilities in PHP. This update providesthe corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. (CVE-2016-10397) It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A [ more… ]

USN-3509-3: Linux kernel regression Ubuntu Security Notice USN-3509-3 15th December, 2017 linux, linux-aws, linux-kvm, linux-raspi2 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary USN-3509-1 introduced a regression in the Linux kernel for Ubuntu 16.04 LTS. Software description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 Details USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04LTS. Unfortunately, it also introduced a regression that prevented theCeph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem (XFRM) in the Linux kernel. A local attacker could use this to cause a denial of [ more… ]