
USN-3426-2: Samba vulnerabilities

2017-11-02 KENNETH 0

USN-3426-2: Samba vulnerabilities Ubuntu Security Notice USN-3426-2 2nd November, 2017 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in XXX-APP-XXX. Software description samba – SMB/CIFS file, print, and login server for Unix Details USN-3426-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2017-12150) Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when SMB1 is being used. A remote attacker could possibly use this issue to obtain server memory contents. (CVE-2017-12163) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu [ more… ]


USN-3472-1: LibreOffice vulnerabilities

2017-11-02 KENNETH 0

USN-3472-1: LibreOffice vulnerabilities Ubuntu Security Notice USN-3472-1 2nd November, 2017 libreoffice vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. Software description libreoffice – Office productivity suite Details Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12607) Marcin Noga discovered that LibreOffice incorrectly handled Word documents. If a user were tricked into opening a specially crafted Word document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12608) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu5.2 To [ more… ]


USN-3471-1: Quagga vulnerabilities

2017-11-01 KENNETH 0

USN-3471-1: Quagga vulnerabilities Ubuntu Security Notice USN-3471-1 31st October, 2017 quagga vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Quagga. Software description quagga – BGP/OSPF/RIP routing daemon Details Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. (CVE-2017-16227) Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-5495) Update instructions The problem can be corrected by updating your system to the following package [ more… ]


USN-3470-2: Linux kernel (Trusty HWE) vulnerabilities

2017-11-01 KENNETH 0

USN-3470-2: Linux kernel (Trusty HWE) vulnerabilities Ubuntu Security Notice USN-3470-2 31st October, 2017 linux-lts-trusty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632) Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this [ more… ]


RHSA-2017:3107-1: Low: Red Hat Enterprise Linux 6.5 TUS One-Month Notice

2017-11-01 KENNETH 0

RHSA-2017:3107-1: Low: Red Hat Enterprise Linux 6.5 TUS One-Month Notice Red Hat Enterprise Linux: This is the One-Month notification for the retirement of Red Hat Enterprise Linux 6.5 Telecommunications Update Support (TUS). This notification applies only to those customers subscribed to the Telecommunications Update Support (TUS) channel for Red Hat Enterprise Linux 6.5. Source: RHSA-2017:3107-1: Low: Red Hat Enterprise Linux 6.5 TUS One-Month Notice