SECURITY

USN-3428-1: Emacs vulnerability Ubuntu Security Notice USN-3428-1 21st September, 2017 emacs25 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Emacs could be made to run programs as your login if it opened a specially crafted file. Software description emacs25 – GNU Emacs editor Details Charles A. Roelli discovered that Emacs incorrectly handled certainfiles. If a user were tricked into opening a specially crafted file, anattacker could possibly use this to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: emacs25 25.1+1-3ubuntu4.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-14482 Source: USN-3428-1: Emacs vulnerability

USN-3427-1: Emacs vulnerability Ubuntu Security Notice USN-3427-1 21st September, 2017 emacs24 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Emacs could be made to run programs as your login if it opened a specially crafted file. Software description emacs24 – GNU Emacs editor Details Charles A. Roelli discovered that Emacs incorrectly handled certainfiles. If a user were tricked into opening a specially crafted file, anattacker could possibly use this to execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: emacs24 24.5+1-6ubuntu1.1 Ubuntu 14.04 LTS: emacs24 24.3+1-2ubuntu1.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-14482 Source: USN-3427-1: Emacs vulnerability

USN-3426-1: Samba vulnerabilities Ubuntu Security Notice USN-3426-1 21st September, 2017 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Samba could be made to expose sensitive information over the network. Software description samba – SMB/CIFS file, print, and login server for Unix Details Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing incertain situations. A remote attacker could use this issue to perform a manin the middle attack. (CVE-2017-12150) Stefan Metzmacher discovered that Samba incorrectly handled encryptionacross DFS redirects. A remote attacker could use this issue to perform aman in the middle attack. (CVE-2017-12151) Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memorywhen SMB1 is being used. A remote attacker could possibly use this issue toobtain server memory contents. (CVE-2017-12163) Update instructions The problem can [ more… ]

USN-3414-2: QEMU regression Ubuntu Security Notice USN-3414-2 20th September, 2017 qemu regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3414-1 introduced a regression in QEMU. Software description qemu – Machine emulator and virtualizer Details USN-3414-1 fixed vulnerabilities in QEMU. The patch backport forCVE-2017-9375 was incomplete and caused a regression in the USB xHCIcontroller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112) [ more… ]