USN-3459-2: MySQL vulnerabilities

2017-10-31 KENNETH 0

Ubuntu Security Notice USN-3459-2
30th October, 2017

mysql-5.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in MySQL.

Software description: mysql-5.5 – MySQL database

Details: USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 12.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information:

http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS: mysql-server-5.5 5.5.58-0ubuntu0.12.04.1

To update your system, please [ more… ]

USN-3464-2: Wget vulnerabilities

2017-10-30 KENNETH 0

Ubuntu Security Notice USN-3464-2
30th October, 2017

wget vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Wget.

Software description: wget – retrieves files from the web

Details: USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)

Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. (CVE-2016-7098)

Orange Tsai discovered that Wget incorrectly handled CRLF sequences in HTTP headers. [ more… ]

USN-3467-1: poppler vulnerability

2017-10-30 KENNETH 0

Ubuntu Security Notice USN-3467-1
30th October, 2017

poppler vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: poppler could be made to crash if it opened a specially crafted file.

Software description: poppler – PDF rendering library

Details: It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10: libpoppler68 0.57.0-2ubuntu4.1, poppler-utils 0.57.0-2ubuntu4.1
Ubuntu 17.04: libpoppler64 0.48.0-2ubuntu2.4, poppler-utils 0.48.0-2ubuntu2.4
Ubuntu 16.04 LTS: libpoppler58 0.41.0-0ubuntu1.5, poppler-utils 0.41.0-0ubuntu1.5
Ubuntu 14.04 LTS: poppler-utils 0.24.5-2ubuntu4.8, libpoppler44 0.24.5-2ubuntu4.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]

RHSA-2017:3080-1: Important: tomcat6 security update

2017-10-30 KENNETH 0

Red Hat Enterprise Linux: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-12615, CVE-2017-12617, CVE-2017-5647, CVE-2017-5664

Source: RHSA-2017:3080-1: Important: tomcat6 security update

RHSA-2017:3081-1: Important: tomcat security update

2017-10-30 KENNETH 0

Red Hat Enterprise Linux: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2017-12615, CVE-2017-12617, CVE-2017-5647, CVE-2017-7674

Source: RHSA-2017:3081-1: Important: tomcat security update