USN-3494-1: XML::LibXML vulnerability

2017-11-28 KENNETH 0

Ubuntu Security Notice USN-3494-1
27th November, 2017

libxml-libxml-perl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.10
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS

Summary
XML::LibXML could be made to crash or run programs if it processed specially crafted input.

Software description
libxml-libxml-perl – Perl interface to the libxml2 library

Details
It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: libxml-libxml-perl 2.0128+dfsg-3ubuntu0.1
Ubuntu 17.04: libxml-libxml-perl 2.0128+dfsg-1ubuntu0.1
Ubuntu 16.04 LTS: libxml-libxml-perl 2.0123+dfsg-1ubuntu0.1
Ubuntu 14.04 LTS: libxml-libxml-perl 2.0108+dfsg-1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2017-10672 [ more… ]

USN-3493-1: Exim vulnerability

2017-11-28 KENNETH 0

Ubuntu Security Notice USN-3493-1
27th November, 2017

exim4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 17.10
Ubuntu 17.04

Summary
Exim could be made to crash or run programs if it received specially crafted network traffic.

Software description
exim4 – Exim is a mail transport agent

Details
It was discovered that Exim incorrectly handled memory in the ESMTP CHUNKING extension. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.10: exim4-daemon-heavy 4.89-5ubuntu1.1, exim4-daemon-light 4.89-5ubuntu1.1
Ubuntu 17.04: exim4-daemon-heavy 4.88-5ubuntu1.2, exim4-daemon-light 4.88-5ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

RHSA-2017:3264-1: Critical: java-1.8.0-ibm security update

2017-11-28 KENNETH 0

Red Hat Enterprise Linux: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2016-10165, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Source: RHSA-2017:3264-1: Critical: java-1.8.0-ibm security update

RHSA-2017:3265-1: Important: rh-mysql56-mysql security update

2017-11-28 KENNETH 0

Red Hat Enterprise Linux: An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384

Source: RHSA-2017:3265-1: Important: rh-mysql56-mysql security update

USN-3476-2: postgresql-common vulnerabilities

2017-11-28 KENNETH 0

Ubuntu Security Notice USN-3476-2
27th November, 2017

postgresql-common vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.04 LTS

Summary
postgresql-common could be made to overwrite files as the administrator.

Software description
postgresql-common – PostgreSQL database-cluster manager

Details
USN-3476-1 fixed two vulnerabilities in postgresql-common. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. (CVE-2016-1255)

It was discovered that the postgresql-common helper scripts incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. (CVE-2017-8806)

Update instructions
The problem can be corrected by updating your system to the following package version:
Ubuntu 12.04 LTS: postgresql-common 129ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]