SECURITY

USN-3276-3: shadow vulnerability Ubuntu Security Notice USN-3276-3 14th November, 2017 shadow vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary su could be made to crash or stop programs as an administrator. Software description shadow – system login tools Details USN-3276-1 and USN-3276-2 fixed vulnerabilities in shadow. This updateprovides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. (CVE-2016-6252) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: passwd 1:4.1.4.2+svn3283-3ubuntu5.2 login 1:4.1.4.2+svn3283-3ubuntu5.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-2616 Source: USN-3276-3: shadow [ more… ]

USN-3479-1: PostgreSQL vulnerabilities Ubuntu Security Notice USN-3479-1 14th November, 2017 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in PostgreSQL. Software description postgresql-9.3 – Object-relational SQL database postgresql-9.5 – Object-relational SQL database postgresql-9.6 – Object-relational SQL database Details David Rowley discovered that PostgreSQL incorrectly handled memory whenprocessing certain JSON functions. A remote attacker could possibly usethis issue to obtain sensitive information. (CVE-2017-15098) Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECTprivileges when processing INSERT … ON CONFLICT DO UPDATE commands. Aremote attacker could possibly use this issue to obtain sensitiveinformation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 andUbuntu 17.10. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu [ more… ]

USN-3478-2: Perl vulnerability Ubuntu Security Notice USN-3478-2 13th November, 2017 perl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Perl could be made to crash if it received specially crafted input. Software description perl – Practical Extraction and Report Language Details USN-3478-1 fixed two vulnerabilities in Perl. This updateprovides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12883) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: perl 5.14.2-6ubuntu2.6 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]