SECURITY

USN-3433-1: poppler vulnerabilities Ubuntu Security Notice USN-3433-1 2nd October, 2017 poppler vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary poppler could be made to crash if opened a specially crafted file. Software description poppler – PDF rendering library Details It was discovered that Poppler incorrectly handled certain files.If a user or automated system were tricked into opening acrafted PDF file, an attacker could cause a denial service.This issue only affected Ubuntu 17.04. (CVE-2017-14517) It was discovered that Poppler incorrectly handled certain files.If a user or automated system were tricked into opening a crafted PDF file,an attacker could cause a denial of service. (CVE-2017-14519) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libpoppler64 0.48.0-2ubuntu2.2 poppler-utils 0.48.0-2ubuntu2.2 Ubuntu 16.04 [ more… ]

USN-3430-1: Dnsmasq vulnerabilities Ubuntu Security Notice USN-3430-1 2nd October, 2017 dnsmasq vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Dnsmasq. Software description dnsmasq – Small caching DNS proxy and DHCP/TFTP server Details Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacherdiscovered that Dnsmasq incorrectly handled DNS requests. A remote attackercould use this issue to cause Dnsmasq to crash, resulting in a denial ofservice, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacherdiscovered that Dnsmasq incorrectly handled IPv6 router advertisements. Aremote attacker could use this issue to cause Dnsmasq to crash, resultingin a denial of service, or possibly execute arbitrary code.(CVE-2017-14492) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacherdiscovered that Dnsmasq incorrectly [ more… ]

USN-3432-1: ca-certificates update Ubuntu Security Notice USN-3432-1 2nd October, 2017 ca-certificates update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary ca-certificates was updated to the 20170717 package. Software description ca-certificates – Common CA certificates Details The ca-certificates package contained outdated CA certificates. This updaterefreshes the included certificates to those contained in the 20170717package. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: ca-certificates 20170717~17.04.1 Ubuntu 16.04 LTS: ca-certificates 20170717~16.04.1 Ubuntu 14.04 LTS: ca-certificates 20170717~14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References LP: 1719851 Source: USN-3432-1: ca-certificates update

USN-3431-1: NSS vulnerability Ubuntu Security Notice USN-3431-1 2nd October, 2017 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary NSS could be made to crash or run programs if it received specially crafted network traffic. Software description nss – Network Security Service library Details Martin Thomson discovered that NSS incorrectly generated handshake hashes.A remote attacker could use this issue to cause NSS to crash, resulting ina denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libnss3 2:3.28.4-0ubuntu0.17.04.3 Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.3 Ubuntu 14.04 LTS: libnss3 2:3.28.4-0ubuntu0.14.04.3 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applicationsthat use NSS, such [ more… ]