SECURITY

USN-3461-1: NVIDIA graphics drivers vulnerabilities Ubuntu Security Notice USN-3461-1 23rd October, 2017 nvidia-graphics-drivers-384 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary NVIDIA graphics drivers could be made to crash or run programs as an administrator. Software description nvidia-graphics-drivers-384 – Transitional package for libcuda1-384 Details It was discovered that the NVIDIA graphics drivers contained flaws in thekernel mode layer. A local attacker could use these issues to cause adenial of service or potentially escalate their privileges on the system. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: nvidia-384 384.90-0ubuntu0.17.04.1 Ubuntu 16.04 LTS: nvidia-384 384.90-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: nvidia-384 384.90-0ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your [ more… ]

USN-3460-1: WebKitGTK+ vulnerabilities Ubuntu Security Notice USN-3460-1 23rd October, 2017 webkit2gtk vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Summary Several security issues were fixed in WebKitGTK+. Software description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK+ Web andJavaScript engines. If a user were tricked into viewing a maliciouswebsite, a remote attacker could exploit a variety of issues related to webbrowser security, including cross-site scripting attacks, denial of serviceattacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.17.04.2 libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.17.04.2 Ubuntu 16.04 LTS: libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2 libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.16.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which [ more… ]

USN-3459-1: MySQL vulnerabilities Ubuntu Security Notice USN-3459-1 23rd October, 2017 mysql-5.5, mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in MySQL. Software description mysql-5.5 – MySQL database mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS,Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes,new features, and possibly incompatible changes. Please see the following for more information:http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.htmlhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: mysql-server-5.7 5.7.20-0ubuntu0.17.10.1 Ubuntu 17.04: mysql-server-5.7 [ more… ]

USN-3457-1: curl vulnerability Ubuntu Security Notice USN-3457-1 23rd October, 2017 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary curl could be made to crash or run programs if it received specially crafted network traffic. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Brian Carpenter discovered that curl incorrectly handled IMAP FETCHresponse lines. A remote attacker could use this issue to cause curl tocrash, resulting in a denial of service, or possibly execute arbitrarycode. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: libcurl3-nss 7.55.1-1ubuntu2.1 curl 7.55.1-1ubuntu2.1 libcurl3-gnutls 7.55.1-1ubuntu2.1 libcurl3 7.55.1-1ubuntu2.1 Ubuntu 17.04: libcurl3-nss 7.52.1-4ubuntu1.3 curl 7.52.1-4ubuntu1.3 libcurl3-gnutls 7.52.1-4ubuntu1.3 libcurl3 7.52.1-4ubuntu1.3 Ubuntu 16.04 LTS: libcurl3-nss 7.47.0-1ubuntu2.4 curl 7.47.0-1ubuntu2.4 libcurl3-gnutls 7.47.0-1ubuntu2.4 libcurl3 [ more… ]