SECURITY

USN-3411-1: Bazaar vulnerability Ubuntu Security Notice USN-3411-1 5th September, 2017 bzr vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Bazaar could be made run programs as your login if it opened a specially crafted URL. Software description bzr – easy to use distributed version control system Details Adam Collard discovered that Bazaar did not properly handle host namesin 'bzr+ssh://' URLs. A remote attacker could use this to constructa bazaar repository URL that when accessed could run arbitrary codewith the privileges of the user. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: python-bzrlib 2.7.0+bzr6619-7ubuntu0.1 bzr 2.7.0+bzr6619-7ubuntu0.1 Ubuntu 16.04 LTS: python-bzrlib 2.7.0-2ubuntu3.1 bzr 2.7.0-2ubuntu3.1 Ubuntu 14.04 LTS: python-bzrlib 2.6.0+bzr6593-1ubuntu1.6 bzr 2.6.0+bzr6593-1ubuntu1.6 To update your system, please follow these instructions: [ more… ]

USN-3410-2: GD library vulnerability Ubuntu Security Notice USN-3410-2 5th September, 2017 libgd2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary GD library could be made to crash if it opened a specially crafted file. Software description libgd2 – GD Graphics Library Details USN-3410-1 fixed a vulnerability in GD Graphics Library.This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the GD Graphics Library (aka libgd) incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.6 libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.6 libgd-tools 2.0.36~rc1~dfsg-6ubuntu2.6 To update your [ more… ]

USN-3410-1: GD library vulnerability Ubuntu Security Notice USN-3410-1 5th September, 2017 libgd2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary GD library could be made to crash if it opened a specially crafted file. Software description libgd2 – GD Graphics Library Details It was discovered that the GD Graphics Library (aka libgd) incorrectly handledcertain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Libraryto crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libgd3 2.2.4-2ubuntu0.3 libgd-tools 2.2.4-2ubuntu0.3 Ubuntu 16.04 LTS: libgd3 2.1.1-4ubuntu0.16.04.8 libgd-tools 2.1.1-4ubuntu0.16.04.8 Ubuntu 14.04 LTS: libgd3 2.1.0-3ubuntu0.8 libgd-tools 2.1.0-3ubuntu0.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]