SECURITY

USN-3465-1: Irssi vulnerabilities Ubuntu Security Notice USN-3465-1 26th October, 2017 irssi vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Irssi. Software description irssi – terminal based IRC client Details Brian Carpenter discovered that Irssi incorrectly handled messages withinvalid time stamps. A malicious IRC server could use this issue to causeIrssi to crash, resulting in a denial of service. (CVE-2017-10965) Brian Carpenter discovered that Irssi incorrectly handled the internal nicklist. A malicious IRC server could use this issue to cause Irssi to crash,resulting in a denial of service. (CVE-2017-10966) Joseph Bisch discovered that Irssi incorrectly removed destroyed channelsfrom the query list. A malicious IRC server could use this issue to causeIrssi to crash, resulting in a denial of service. (CVE-2017-15227) [ more… ]

USN-3464-1: Wget vulnerabilities Ubuntu Security Notice USN-3464-1 26th October, 2017 wget vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Wget. Software description wget – retrieves files from the web Details Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wgetincorrectly handled certain HTTP responses. A remote attacker could usethis issue to cause Wget to crash, resulting in a denial of service, orpossibly execute arbitrary code. (CVE-2017-13089, CVE-2017-13090) Dawid Golunski discovered that Wget incorrectly handled recursive ormirroring mode. A remote attacker could possibly use this issue to bypassintended access list restrictions. (CVE-2016-7098) Orange Tsai discovered that Wget incorrectly handled CRLF sequences inHTTP headers. A remote attacker could possibly use this issue to injectarbitrary HTTP headers. (CVE-2017-6508) Update instructions The problem [ more… ]

USN-3466-1: systemd vulnerability Ubuntu Security Notice USN-3466-1 26th October, 2017 systemd vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Summary systemd could be made to temporarily stop responding if it received specially crafted network traffic. Software description systemd – system and service manager Details Karim Hossen & Thomas Imbert discovered that systemd-resolved incorrectlyhandled certain DNS responses. A remote attacker could possibly use thisissue to cause systemd to temporarily stop responding, resulting in adenial of service. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: systemd 234-2ubuntu12.1 Ubuntu 17.04: systemd 232-21ubuntu7.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-15908 Source: USN-3466-1: systemd vulnerability